Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe

Overview

General Information

Sample name: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Analysis ID: 1492758
MD5: ac5ffc6e945471ce5e631f5fa8853d5a
SHA1: 78f51682ec3d075aa90f49fe934ec77680d1e37a
SHA256: 5a5a8ea05ccbc2cf33b2ffa7b09a725cabfa86bac080458f4f80a572bae83aec

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 37
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Creates files in alternative data streams (ADS)
Javascript checks online IP of machine
Queries disk data (e.g. SMART data)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to delay execution (extensive OutputDebugStringW loop)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe (PID: 6684 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe" MD5: AC5FFC6E945471CE5E631F5FA8853D5A)
    • VC_redist.x86.exe (PID: 4424 cmdline: "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart MD5: 9882A328C8414274555845FA6B542D1E)
      • VC_redist.x86.exe (PID: 7752 cmdline: "C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=632 /quiet /norestart MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
        • VC_redist.x86.exe (PID: 4880 cmdline: "C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{806F96A1-857F-4718-91A2-BB73ECC6E3F3} {8975F7C5-2319-4A19-A97F-ED725B823907} 7752 MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
    • DriverHub.exe (PID: 4748 cmdline: "C:\Program Files (x86)\DriverHub\DriverHub.exe" MD5: 9E73D5B139958CD42A7067CBC44810B7)
      • test_wpf.exe (PID: 5472 cmdline: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe MD5: 03BA6C3A52780D89BE563B7CD5668AD0)
    • OperaGXDownloader.exe (PID: 5176 cmdline: "C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0 MD5: CA696FF5944B0B4DC2786161F636E5D3)
      • setup.exe (PID: 3400 cmdline: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --silent --allusers=0 --server-tracking-blob=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 MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • setup.exe (PID: 6116 cmdline: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x33c,0x340,0x344,0x318,0x270,0x61f11b54,0x61f11b60,0x61f11b6c MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • setup.exe (PID: 5672 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • setup.exe (PID: 5380 cmdline: "C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3400 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814064049" --session-guid=c06817d1-070c-4c26-b314-8753fc88a392 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=EC05000000000000 MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
          • setup.exe (PID: 6328 cmdline: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x6ceb1b54,0x6ceb1b60,0x6ceb1b6c MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5260 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe" MD5: E9A2209B61F4BE34F25069A6E54AFFEA)
        • assistant_installer.exe (PID: 7804 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --version MD5: 4C8FBED0044DA34AD25F781C3D117A66)
          • assistant_installer.exe (PID: 7560 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x4f4f48,0x4f4f58,0x4f4f64 MD5: 4C8FBED0044DA34AD25F781C3D117A66)
    • AvastDownloader.exe (PID: 6540 cmdline: "C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS MD5: D17C53DAA4B02748963E7902370840B7)
      • avast_free_antivirus_setup_online_x64.exe (PID: 5820 cmdline: "C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US MD5: C2626794E09A2197C5AC2FECC2F611A2)
        • Instup.exe (PID: 832 cmdline: "C:\Windows\Temp\asw.5463fcd871ea2a5b\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US MD5: 7342A3F59C64B20E80DE29EB49D99389)
          • instup.exe (PID: 5872 cmdline: "C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US /online_installer MD5: 7342A3F59C64B20E80DE29EB49D99389)
            • sbr.exe (PID: 4236 cmdline: "C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe" 5872 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!" MD5: 6BE2F1A6317D2FE0EBBFD712BEAA2F63)
    • chrome.exe (PID: 6928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome MD5: 464953824E644F10FFDC9E093FD18F94)
      • chrome.exe (PID: 7456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,15605554830572178620,16010966864040095375,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  • msiexec.exe (PID: 780 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • VC_redist.x86.exe (PID: 3432 cmdline: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
    • VC_redist.x86.exe (PID: 2320 cmdline: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
      • VC_redist.x86.exe (PID: 7444 cmdline: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560 MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\Avast Software\Avast\setup\instup.exe" /instop:repair /wait, EventID: 13, EventType: SetValue, Image: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe, ProcessId: 5872, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\AvRepair
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce, EventID: 13, EventType: SetValue, Image: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe, ProcessId: 4880, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{46c3b171-c15c-4137-8e1d-67eeb2985b44}
No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exeVirustotal: Detection: 6%
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeReversingLabs: Detection: 21%
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeVirustotal: Detection: 17%
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DE9EB7 DecryptFileW,3_2_00DE9EB7
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E0F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,3_2_00E0F961
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DE9C99 DecryptFileW,DecryptFileW,3_2_00DE9C99
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_00389EB7 DecryptFileW,4_2_00389EB7
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003AF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,4_2_003AF961
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_00389C99 DecryptFileW,DecryptFileW,4_2_00389C99
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0015F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,5_2_0015F961
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00139C99 DecryptFileW,DecryptFileW,5_2_00139C99
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00139EB7 DecryptFileW,5_2_00139EB7
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0031F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,11_2_0031F961
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_002F9C99 DecryptFileW,DecryptFileW,11_2_002F9C99
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_002F9EB7 DecryptFileW,11_2_002F9EB7
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\opera.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\notification_helper.exe

Phishing

Source: https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js, HTTP Parser: [minified script body omitted]
Source: https://multipassword.com/en/extension-thankyouHTTP Parser: No favicon

Compliance

Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\opera.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\notification_helper.exe
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeWindow detected: panel EnglishpanelpanelpanelpanelDriverHubAutomatically find andinstall drivers100% FreepanelFix and update all the device drivers by yourself. The software istotally free and you do not need call to service center.By downloading installing or using this product you agree to its:License agreementPrivacy policyDriverHub installs Bright Data components (no execution). You willbe able to view the component details in full before you accept thisoffer as well as being able to turn Bright Data on and off directlyfrom the "App Settings". Read more aboutBright Data's EULAUpdate outdated driversFind missing driversInstall drivers automatically in one clickDaily updated drivers databasepanelInstallCustom installation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast\setup
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast\setup\Stats.ini.tmp
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast\setup\Stats.ini.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814064048262.log
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814064051411.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exeFile created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240814064122.log
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\3082\license.rtf
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\README.txt
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x86.exe, 00000003.00000000.66783643747.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x86.exe, 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x86.exe, 00000004.00000000.66784888022.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000005.00000002.66825527126.000000000016B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x86.exe, 00000005.00000003.66799568356.0000000001596000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x86.exe, 00000005.00000000.66790938682.000000000016B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x86.exe, 0000000B.00000002.66900928484.000000000032B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x86.exe, 0000000B.00000000.66897053823.000000000032B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x86.exe, 0000000C.00000000.66898157631.000000000032B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x86.exe, 0000000D.00000000.66899287810.000000000032B000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\test_wpf.exe.pdb source: test_wpf.exe, 0000000F.00000000.67077988380.0000000000122000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D3DCompiler_47.pdb* source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66640335981.0000000010A81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66640335981.0000000010A81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187088148.0000000000656000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192465921.0000000000656000.00000002.00000001.01000000.0000003C.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: AvastDownloader.exe, 00000014.00000000.67201470779.00000000006E4000.00000002.00000001.01000000.0000003F.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: d:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe - Code function: 3_2_00DD3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe - Code function: 3_2_00E14315 FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe - Code function: 3_2_00DE993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe - Code function: 3_2_00E07A87 FindFirstFileExW
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe - Code function: 4_2_003B4315 FindFirstFileW,FindClose
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe - Code function: 4_2_0038993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe - Code function: 4_2_00373BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe - Code function: 4_2_003A7A87 FindFirstFileExW
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - Code function: 5_2_00164315 FindFirstFileW,FindClose
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - Code function: 5_2_0013993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - Code function: 5_2_00123BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - Code function: 5_2_00157A87 FindFirstFileExW
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe - Code function: 11_2_00324315 FindFirstFileW,FindClose
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe - Code function: 11_2_002F993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe - Code function: 11_2_00317A87 FindFirstFileExW
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe - Code function: 11_2_002E3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - File opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\NULL
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - File opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntimeMinimum_x86\NULL
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - File opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntimeMinimum_x86
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - File opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - File opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\NULL
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe - File opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi
Source: setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmp - String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: setup.exe, 00000012.00000003.67520024895.0000000004D11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520024895.0000000004D11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67179507579.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67178938374.0000000004C00000.00000004.00001000.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494401930.0000000001101000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67198667896.0000000004160000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494401930.0000000001104000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67355195644.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67511953042.0000000023170000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354362323.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000012.00000003.67520280303.0000000001104000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494072763.0000000004D40000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533096364.0000000001104000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67512085943.000000002314C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67493524241.0000000023168000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: AvastDownloader.exe, 00000014.00000003.67246026627.0000000007DA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: VC_redist.x86.exe, 00000003.00000003.66832791502.000000000126F000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x86.exe, 00000003.00000003.66832375161.000000000126C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.c
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmp, DriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayBlack
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayExtraBold
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayExtraLight
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayLight
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayMedium
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewaySemiBold
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayThin
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmp, DriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://theleagueofmoveabletype.comhttp://pixelspread.comThis
Source: AvastDownloader.exe, 00000014.00000003.67213699467.0000000005031000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000014.00000003.67244577722.0000000005031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgip
Source: AvastDownloader.exe, 00000014.00000003.67211627665.0000000005051000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000014.00000003.67244577722.0000000005051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
Source: VC_redist.x86.exe, 00000004.00000002.66830277593.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x86.exe, 00000004.00000002.66829594430.00000000033C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: VC_redist.x86.exe, 00000004.00000002.66830277593.0000000003B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010(
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmp, DriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmp, DriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmp, DriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Open
Source: DriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: AvastDownloader.exe, 00000014.00000003.67246026627.0000000007DA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: OperaGXDownloader.exe, 00000011.00000003.67179507579.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67178938374.0000000004C00000.00000004.00001000.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520464769.00000000010EF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67198667896.0000000004160000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67355195644.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494251085.0000000004D3D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354362323.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000012.00000003.67494072763.0000000004D40000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.00000000010E2000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.00000000010E2000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520024895.0000000004D11000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, AvastDownloader.exe, 00000014.00000003.67246026627.0000000007DA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: setup.exe, 00000012.00000003.67520024895.0000000004D11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000003.67226259985.000000000697F000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmp, DriverHub.exe, 0000000E.00000003.67140395981.000000000698F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gimp.org/xmp/
Source: AvastDownloader.exe, 00000014.00000003.67213699467.0000000005045000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.google-analytics.com/collect-_application/x-www-form-urlencoded1postMessage()2postNextMes
Source: setup.exe, 00000012.00000003.67494401930.0000000001104000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.00000000010E2000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67532715012.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67512085943.000000002314C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opera.com
Source: OperaGXDownloader.exe, 00000011.00000003.67179507579.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67178938374.0000000004C00000.00000004.00001000.00020000.00000000.sdmp, OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494401930.0000000001101000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67198667896.0000000004160000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67355195644.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354362323.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000012.00000003.67494072763.0000000004D40000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520024895.0000000004D11000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmpString found in binary or memory: http://www.opera.com0
Source: DriverHub.exe, 0000000E.00000003.67225053350.0000000008C36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.winimage.com/zLibDllP
Source: setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66650105823.0000000010A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.az-partners.net/apps/driver-hub/payload?ap=28ConfigUrlhttps://www.drvhub.net/app/downloa
Source: setup.exe, 00000012.00000003.67246817403.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494251085.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354362323.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520024895.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67532715012.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67233888976.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://api.config.opr.gg/v0/config
Source: setup.exe, 00000012.00000003.67233888976.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/v0/config?utm_campaign=PWN_US_PB5_3849&utm_medium=pa&utm_source=PWNgames&p
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://api.config.opr.gg/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&cha
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://api.drvhub.net
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://api.drvhub.netgzip
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000012.00000003.67494651413.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000012.00000003.67494651413.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/geolocation/
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://
Source: setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.0000000001087000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://brightdata.com/legal/sdk-eulaBottomUrl
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66650105823.0000000010A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://brightdata.com/legal/sdk-eulaBottomUrlp
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://brightdata.com/sdk/information
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1#pc/savg_secure_browser_
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxhttps://multipassword.com/extension-thankyou/hyk
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66637861965.0000000010A86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/copyright.html
Source: setup.exe, 00000012.00000003.67494651413.000000000106D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.00000000010E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: setup.exe, 00000012.00000003.67520464769.00000000010EF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354690641.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.00000000010E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/WNGRD
Source: setup.exe, 00000012.00000003.67520464769.00000000010EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/erifyIndirectDataDllFuncName
Source: setup.exe, 00000012.00000003.67354690641.00000000010F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/l
Source: setup.exe, 00000012.00000003.67520464769.00000000010EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/
Source: setup.exe, 00000012.00000003.67520024895.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67532994521.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520205574.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67532715012.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: setup.exe, 00000012.00000003.67520280303.000000000111A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494401930.000000000111A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533096364.000000000111A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryM
Source: setup.exe, 00000012.00000003.67520024895.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryWp
Source: setup.exe, 00000012.00000003.67354858837.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary_
Source: setup.exe, 00000012.00000003.67494251085.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354362323.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryap
Source: setup.exe, 00000012.00000003.67520280303.000000000111A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533096364.000000000111A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryp
Source: setup.exe, 00000012.00000003.67533326693.000000000106D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.000000000106D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryr
Source: setup.exe, 00000012.00000003.67354858837.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494072763.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryy
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://distrsubv4.go.mail.ru/atom/silent/?utm_source=azpartner&rfrautorundaysAtomDownloader.exe/SIL
Source: setup.exe, 00000012.00000003.67226882601.00000000010F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.op
Source: setup.exe, 00000012.00000003.67246817403.0000000004D1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520024895.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\9e52e2.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI53DC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\concrt140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp140_1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp140_2.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp140_atomic_wait.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcamp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vccorlib140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcomp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcruntime140_threads.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\9e52ed.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\9e52ee.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{9C19C103-7DB1-44D1-A039-2C076A633A38}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5757.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140chs.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140cht.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140deu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140enu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140esn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140fra.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140ita.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140jpn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140kor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140rus.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc140u.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfcm140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfcm140u.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\9e52f1.msi
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe File deleted: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_00312D5011_2_00312D50
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0031ED4C11_2_0031ED4C
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0030FE1511_2_0030FE15
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_06981F8514_3_06981F85
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_06981F8514_3_06981F85
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: String function: 00E131C7 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: String function: 00E1061A appears 34 times
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: String function: 00DD1F20 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: String function: 00DD37D3 appears 496 times
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: String function: 00E1012F appears 678 times
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: String function: 0016061A appears 34 times
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: String function: 001237D3 appears 496 times
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: String function: 001631C7 appears 83 times
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: String function: 00121F20 appears 54 times
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: String function: 0016012F appears 678 times
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: String function: 003B31C7 appears 85 times
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: String function: 00371F20 appears 54 times
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: String function: 003B012F appears 678 times
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: String function: 003B061A appears 34 times
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: String function: 003737D3 appears 496 times
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: String function: 002E37D3 appears 496 times
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: String function: 002E1F20 appears 54 times
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: String function: 0032061A appears 34 times
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: String function: 003231C7 appears 85 times
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: String function: 0032012F appears 678 times
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v6.3 to extract, compression method=lzma
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: lum_sdk32.dll.0.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: lum_sdk32.dll.0.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: lum_sdk32.dll.0.drStatic PE information: Resource name: BINARY type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: net_updater32.exe.0.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: mfc140chs.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140kor.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140esn.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140enu.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140ita.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140fra.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140cht.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140rus.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140deu.dll.9.drStatic PE information: No import functions for PE file found
Source: mfc140jpn.dll.9.drStatic PE information: No import functions for PE file found
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66492416777.0000000000B6B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDriverHubInstaller.exe4 vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: E1after_internal_scan()SoftwareInfoReportertried to get drivers before scan finishing.tried to get unknowned devices before scan finishing.tried to get scanResult before scan finishing.--> internal_scanSoftwareInfoReporter::internal_scanStopped. StopFlag=%1m_errorCode=%1<-- internal_scan\VarFileInfo\TranslationTranslation of executable file %1 wasn't foundSoftware Info Reporter%1.%2.%3.%4ProductVersion\StringFileInfo\%08lx\%sFileVersionInternalNameOriginalFilenameProductNameFileDescriptionVersionCompanyNamesetupapiSetupGetInfDriverStoreLocationWSetupDiGetDevicePropertyWSetupDiGetDeviceProperty loading is failed with error=%1internal_driver_scan_initializem_fpSetupGetInfDriverStoreLocation loading is failed with error=%1;Start hardware scaningSoftwareInfoReporter::internal_driver_scan_hardwareUnknown DevicesFinish hardware scanning with successFinish hardware scaning for class %1SoftwareInfoReporter::internal_driver_scan_hardwareClassFinish hardware scaning for class. Cannot get devices. Error code: %1{4d36e97d-e325-11ce-bfc1-08002be10318}SYSTEM\CurrentControlSet\Control\Class\%1CM_Get_DevNode_Status failed. Error code: %1SoftwareInfoReporter::internal_scan_deviceinfoCan't enumerate device. May be there are no devices Local index: %1SoftwareInfoReporter::internal_driver_scan_hardwareDeviceCannot set device install params. Error code: %1No hids foundCannot build drivers list for a device. Error code: %1Can't enumerate driver.Finish driver scaning. Local index: %1Cannot get driver installation params failed. Error code: %1\inf\Retrieving signature... vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDriverHub.exe4 vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66640335981.0000000010A81000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Qt5Core.dll.0.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal42.phis.spyw.evad.winEXE@70/1067@0/39
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E0FD20 FormatMessageW,GetLastError,LocalFree,3_2_00E0FD20
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DD44E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,3_2_00DD44E9
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003744E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,4_2_003744E9
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_001244E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,5_2_001244E9
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_002E44E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,11_2_002E44E9
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E12F23 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,3_2_00E12F23
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DF6945 ChangeServiceConfigW,GetLastError,3_2_00DF6945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHubJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DriverHub.lnkJump to behavior
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeMutant created: NULL
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Asw_d45f00c9e1333cb54f9e2f6c000b8f94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMutant created: \Sessions\1\BaseNamedObjects\SecuriteInfo.com.Program.Unwanted.5511.32425.5112-user
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMutant created: \Sessions\1\BaseNamedObjects\DRV_HUB-6C3A7A0A-62CB-4B4D-86C3-546B4D40FE5D
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMutant created: \Sessions\1\BaseNamedObjects\bright_sdk_ui_C_Program Files _x86_DriverHub
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Local\Temp\DriverHubJump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: cabinet.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: msi.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: version.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: wininet.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: comres.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: clbcatq.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: msasn1.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: crypt32.dll3_2_00DD1070
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: feclient.dll3_2_00DD1070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: cabinet.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: msi.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: version.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: wininet.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: comres.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: clbcatq.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: msasn1.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: crypt32.dll4_2_00371070
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCommand line argument: feclient.dll4_2_00371070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: cabinet.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: msi.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: version.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: wininet.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: comres.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: clbcatq.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: msasn1.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: crypt32.dll5_2_00121070
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCommand line argument: feclient.dll5_2_00121070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: cabinet.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: msi.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: version.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: wininet.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: comres.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: clbcatq.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: msasn1.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: crypt32.dll11_2_002E1070
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: feclient.dll11_2_002E1070
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeReversingLabs: Detection: 21%
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeVirustotal: Detection: 17%
Source: VC_redist.x86.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeProcess created: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe "C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=632 /quiet /norestart
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeProcess created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe "C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{806F96A1-857F-4718-91A2-BB73ECC6E3F3} {8975F7C5-2319-4A19-A97F-ED725B823907} 7752
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: unknownProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe"
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files (x86)\DriverHub\DriverHub.exe "C:\Program Files (x86)\DriverHub\DriverHub.exe"
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --silent --allusers=0 --server-tracking-blob=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
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x33c,0x340,0x344,0x318,0x270,0x61f11b54,0x61f11b60,0x61f11b6c
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,15605554830572178620,16010966864040095375,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe "C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3400 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814064049" --session-guid=c06817d1-070c-4c26-b314-8753fc88a392 --server-tracking-blob=[value omitted] --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=EC05000000000000
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x6ceb1b54,0x6ceb1b60,0x6ceb1b6c
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeProcess created: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe "C:\Windows\Temp\asw.5463fcd871ea2a5b\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x4f4f48,0x4f4f58,0x4f4f64
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe "C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US /online_installer
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe "C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe" 5872 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeProcess created: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe "C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=632 /quiet /norestart
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeProcess created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe "C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{806F96A1-857F-4718-91A2-BB73ECC6E3F3} {8975F7C5-2319-4A19-A97F-ED725B823907} 7752
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe "C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe" 5872 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Section loaded: apphelp.dll, winhttp.dll, version.dll, oleacc.dll, uxtheme.dll, msimg32.dll, edgegdi.dll, kernel.appcore.dll, sspicli.dll, textshaping.dll, ieframe.dll, iertutil.dll, netapi32.dll, userenv.dll, wkscli.dll, netutils.dll, sxs.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, urlmon.dll, srvcli.dll, msiso.dll, windows.storage.dll, wldp.dll, mshtml.dll, powrprof.dll, umpdc.dll, cryptbase.dll, srpapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, msimtf.dll, secur32.dll, mlang.dll, resourcepolicyclient.dll, propsys.dll, wininet.dll, profapi.dll, dwrite.dll, d2d1.dll, d3d10warp.dll, dxcore.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, dpapi.dll, edputil.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, sfc_os.dll, linkinfo.dll, ntshrui.dll, cscapi.dll, msls31.dll, uiautomationcore.dll, windowscodecs.dll, jscript9.dll, windows.shell.servicehostbuilder.dll, policymanager.dll, msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
Section loaded: edgegdi.dll, kernel.appcore.dll, cryptbase.dll, msi.dll, version.dll, cabinet.dll, msxml3.dll, windows.storage.dll, wldp.dll, profapi.dll, feclient.dll, iertutil.dll, apphelp.dll
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: feclient.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: usoapi.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: sxproxy.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: feclient.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: edgegdi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: version.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: edgegdi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: version.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: edgegdi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: version.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msimg32.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: windowscodecs.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: explorerframe.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: riched20.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: usp10.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msls31.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: textshaping.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: lum_sdk32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: libcurl.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: version.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5gui.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qml.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5network.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5core.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mpr.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140_1.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: edgegdi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcr120.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quick.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qmlmodels.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qmlworkerscript.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quicktemplates2.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quickcontrols2.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quicktemplates2.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: opengl32sw.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: opengl32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: glu32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: atigktxx.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: netprofm.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: npmproxy.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5widgets.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140_clr0400.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rasapi32.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rasman.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rtutils.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dhcpcsvc.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: mscoree.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: version.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: edgegdi.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: cryptsp.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: rsaenh.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: dwrite.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: msvcp140_clr0400.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: wldp.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: profapi.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: uiautomationcore.dll
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: npmproxy.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: DriverHub.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\Program Files (x86)\DriverHub\DriverHub.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile written: C:\Windows\Temp\asw.5463fcd871ea2a5b\aswbd5b38725b6f1c73.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Accept
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Continue
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeWindow detected: panel English panel panel panel panel DriverHub Automatically find and install drivers 100% Free panel Fix and update all the device drivers by yourself. The software is totally free and you do not need call to service center. By downloading installing or using this product you agree to its: License agreement Privacy policy DriverHub installs Bright Data components (no execution). You will be able to view the component details in full before you accept this offer as well as being able to turn Bright Data on and off directly from the "App Settings". Read more about Bright Data's EULA Update outdated drivers Find missing drivers Install drivers automatically in one click Daily updated drivers database panel Install Custom installation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeWindow detected: Number of UI elements: 14
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeWindow detected: Number of UI elements: 23
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeWindow detected: Number of UI elements: 23
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast\setup
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDirectory created: C:\Program Files\Avast Software\Avast\setup\Stats.ini.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic file information: File size 7758000 > 1048576
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x48b400
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1cfc00
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x86.exe, 00000003.00000000.66783643747.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x86.exe, 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x86.exe, 00000004.00000000.66784888022.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000005.00000002.66825527126.000000000016B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x86.exe, 00000005.00000003.66799568356.0000000001596000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x86.exe, 00000005.00000000.66790938682.000000000016B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x86.exe, 0000000B.00000002.66900928484.000000000032B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x86.exe, 0000000B.00000000.66897053823.000000000032B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x86.exe, 0000000C.00000000.66898157631.000000000032B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x86.exe, 0000000D.00000000.66899287810.000000000032B000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\test_wpf.exe.pdb source: test_wpf.exe, 0000000F.00000000.67077988380.0000000000122000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D3DCompiler_47.pdb* source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66640335981.0000000010A81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66640335981.0000000010A81000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187088148.0000000000656000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192465921.0000000000656000.00000002.00000001.01000000.0000003C.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: AvastDownloader.exe, 00000014.00000000.67201470779.00000000006E4000.00000002.00000001.01000000.0000003F.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: concrt140.dll.9.drStatic PE information: 0x801EEB2B [Thu Feb 11 14:05:31 2038 UTC]
Source: libcrypto-1_1.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x27c9df
Source: libssl-1_1.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x90b02
Source: OperaGXDownloader.exe.0.drStatic PE information: real checksum: 0x32aa03 should be: 0x32db20
Source: AvastDownloader.exe.0.drStatic PE information: section name: .didat
Source: qtquicktemplates2plugin.dll.0.drStatic PE information: section name: .qtmetad
Source: windowplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qmlfolderlistmodelplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qmlsettingsplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: Installer.exe0.0.drStatic PE information: section name: _RDATA
Source: VC_redist.x86.exe.0.drStatic PE information: section name: .wixburn
Source: qtquickcontrolsplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qtquickcontrols2materialstyleplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qtquickextrasflatplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qtquickcontrols2plugin.dll.0.drStatic PE information: section name: .qtmetad
Source: dialogplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: dialogsprivateplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qquicklayoutsplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: DriverHub.exe.0.drStatic PE information: section name: .shr
Source: qgif.dll.0.drStatic PE information: section name: .qtmetad
Source: qjpeg.dll.0.drStatic PE information: section name: .qtmetad
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: qtquickcontrols2universalstyleplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: opengl32sw.dll.0.drStatic PE information: section name: _RDATA
Source: qwindows.dll.0.drStatic PE information: section name: .qtmetad
Source: Qt5Core.dll.0.drStatic PE information: section name: .qtmimed
Source: qtgraphicaleffectsprivate.dll.0.drStatic PE information: section name: .qtmetad
Source: qtgraphicaleffectsplugin.dll.0.drStatic PE information: section name: .qtmetad
Source: qtquick2plugin.dll.0.drStatic PE information: section name: .qtmetad
Source: VC_redist.x86.exe.3.drStatic PE information: section name: .wixburn
Source: VC_redist.x86.exe.4.drStatic PE information: section name: .wixburn
Source: VC_redist.x86.exe.5.drStatic PE information: section name: .wixburn
Source: mfc140.dll.9.drStatic PE information: section name: .didat
Source: mfc140u.dll.9.drStatic PE information: section name: .didat
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DFE876 push ecx; ret 3_2_00DFE889
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_0039E876 push ecx; ret 4_2_0039E889
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0014E876 push ecx; ret 5_2_0014E889
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0030E876 push ecx; ret 11_2_0030E889
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_0698B9AD pushad ; iretd 14_3_0698B9B5
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_069840A7 pushad ; retf 14_3_069841D1
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_069866DB push es; retf 14_3_069866E8
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_06988722 push es; iretd 14_3_06988724
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_08C41208 push edi; retf 14_3_08C41209
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_0CB07724 pushfd ; iretd 14_3_0CB0772D
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_0CB07592 pushfd ; iretd 14_3_0CB07601
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_0CB07602 pushfd ; iretd 14_3_0CB07631
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_0CB0E574 push 6C0CB0E6h; retf 14_3_0CB0E5D9
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 14_3_0CB0CF43 push 6C0CB0CFh; iretd 14_3_0CB0CF69
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\sbr_x64_ais-a45.vpxJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 9e52e9.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 9e52e6.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040510976328.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040479726116.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\uat64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\windowplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040474033400.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\lum_sdk32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 9e52ea.rbf (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040504265380.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libcurl.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw464c0c713ab96853.tmpJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw5c65dd9857daed44.tmpJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeFile created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\dialogsprivateplugin.dllJump to dropped file
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140cht.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe | File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\msvcr120.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswc414b341646f5e21.tmp
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\additional_file0.tmp
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe | File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe | File created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5Qml.dll
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\HTMLayout.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\dxcompiler.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\CUESDK.x64_2017.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vccorlib140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5QmlModels.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\browser_assistant.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw20d863e694bd3872.tmp
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswc1028b309b252440.tmp
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\opera.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040489925672.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\imageformats\qgif.dll
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe | File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\wixstdba.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\libGLESv2.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140u.dll
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe | File created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe | File created: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw6252c9e9d6a1e2dd.tmp
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\opera_package
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qtquicktemplates2plugin.dll
Source: C:\Windows\System32\msiexec.exe | File created: 9e52e7.rbf (copy)
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer_helper_64.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\net_updater32.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140enu.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcruntime140_threads.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\libGLESv2.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\AvBugReport.exe (copy)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5QmlWorkerScript.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe | File created: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
Source: C:\Windows\System32\msiexec.exe | File created: 9e52e8.rbf (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\instup_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140ita.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\mojo_core.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5Gui.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140chs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\assistant_package
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.dll (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw2bb1f8a556da95ab.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5Network.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\dialogplugin.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\concrt140.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\offertool_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_1.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\notification_helper.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avbugreport_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140fra.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcomp140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\DriverHub.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140rus.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dll
Source: C:\Windows\System32\msiexec.exe | File created: 9e52ec.rbf (copy)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\dxil.dll
Source: C:\Windows\System32\msiexec.exe | File created: 9e52e5.rbf (copy)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5Quick.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfcm140.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\46BKFKIN\Opera_GX_112.0.5197.60_Autoupdate_x64[1].exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\d3dcompiler_47.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\AvDump.exe (copy)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\libssl-1_1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5Widgets.dll
Source: C:\Windows\System32\msiexec.exe | File created: 9e52eb.rbf (copy)
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_atomic_wait.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\d3dcompiler_47.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswOfferTool.exe (copy)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5Core.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmlsettingsplugin.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\platforms\qwindows.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qquicklayoutsplugin.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\opengl32sw.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\x64\Installer.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\setgui_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B0ZBZFKQ\Opera_GX_assistant_73.0.3856.382_Setup[1].exe
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe | File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140kor.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Win32\Installer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5QuickControls2.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_2.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x86_ais-a45.vpx
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\Qt5QuickTemplates2.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\instcont_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x64_ais-a45.vpx
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | File created: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe | File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\msvcr120.dll
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe | File created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe | File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe | File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140esn.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140ita.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\sbr_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140deu.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcamp140.dll
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\wixstdba.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140jpn.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140chs.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\uat64.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfcm140u.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.dll (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw2bb1f8a556da95ab.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\concrt140.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\offertool_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_1.dll
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avbugreport_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140fra.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw464c0c713ab96853.tmp
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw5c65dd9857daed44.tmp
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\HTMLayout.dll (copy)
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcomp140.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140rus.dll
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140cht.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswc414b341646f5e21.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfcm140.dll
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\HTMLayout.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\AvDump.exe (copy)
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vccorlib140.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_atomic_wait.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw20d863e694bd3872.tmp
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswOfferTool.exe (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswc1028b309b252440.tmp
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140u.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\setgui_x64_ais-a45.vpx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe | File created: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw6252c9e9d6a1e2dd.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140kor.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\msvcp140_2.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\mfc140enu.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\SysWOW64\vcruntime140_threads.dll
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\AvBugReport.exe (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x86_ais-a45.vpx
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe | File created: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\instcont_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe (copy)
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\instup_x64_ais-a45.vpx
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\opera_package
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\assistant_package
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avbugreport_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x86_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\instcont_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\instup_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\offertool_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\sbr_x64_ais-a45.vpx
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe | File created: C:\Windows\Temp\asw.5463fcd871ea2a5b\setgui_x64_ais-a45.vpx
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814064048262.log
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814064051411.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe | File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240814064122.log
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe | File created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\3082\license.rtf
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\README.txt
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DriverHub.lnk
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {46c3b171-c15c-4137-8e1d-67eeb2985b44}
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce AvRepair

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files (x86)\DriverHub\DriverHub.exe File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\lum_sdk_session_id:LUM:$DATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeSection loaded: OutputDebugStringW count: 159
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeSection loaded: OutputDebugStringW count: 136
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: 5B20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: F470000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: F630000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: F650000 memory reserve | memory write watch
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMemory allocated: 6ED0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMemory allocated: 9280000 memory reserve | memory write watch
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMemory allocated: 6F50000 memory reserve | memory write watch
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMemory allocated: 2520000 memory reserve | memory write watch
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMemory allocated: 2720000 memory reserve | memory write watch
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMemory allocated: 2550000 memory reserve | memory write watch
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 922337203685477
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWindow / User API: threadDelayed 9963
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52e9.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52e6.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeDropped PE file which has not been started: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040510976328.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040479726116.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\uat64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\windowplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040474033400.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52ea.rbf (copy)Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040504265380.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw5c65dd9857daed44.tmpJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\dialogsprivateplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libcrypto-1_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswc414b341646f5e21.tmpJump to dropped file
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeDropped PE file which has not been started: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dllJump to dropped file
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\HTMLayout.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\dxcompiler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\CUESDK.x64_2017.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libEGL.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vccorlib140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\browser_assistant.exeJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw20d863e694bd3872.tmpJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswc1028b309b252440.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\opera.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141040489925672.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\imageformats\qgif.dllJump to dropped file
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\opera_packageJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qtquicktemplates2plugin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52e7.rbf (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer_helper_64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\net_updater32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcruntime140_threads.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\AvBugReport.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\libGLESv2.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52e8.rbf (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\instup_x64_ais-a45.vpxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\mojo_core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\assistant_packageJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\asw2bb1f8a556da95ab.tmpJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\dialogplugin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\concrt140.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\offertool_x64_ais-a45.vpxJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\notification_helper.exeJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\avbugreport_x64_ais-a45.vpxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcomp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52ec.rbf (copy)Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\dxil.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52e5.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\46BKFKIN\Opera_GX_112.0.5197.60_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\AvDump.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\112.0.5197.60\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libssl-1_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 9e52eb.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\d3dcompiler_47.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\aswOfferTool.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmlsettingsplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qquicklayoutsplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\x64\Installer.exeJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\setgui_x64_ais-a45.vpxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\Win32\Installer.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp140_2.dllJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x86_ais-a45.vpxJump to dropped file
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.5463fcd871ea2a5b\avdump_x64_ais-a45.vpxJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dllJump to dropped file
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeEvaded block: after key decision
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeEvasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeAPI coverage: 9.0 %
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 6960Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59891s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59781s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59672s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59563s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59453s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59344s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59235s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -59108s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -58995s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -58884s >= -30000s
Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 4256Thread sleep time: -58775s >= -30000s
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe TID: 6152Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe TID: 1120Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe TID: 912Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe TID: 6380Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe TID: 5956Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeFile opened: PhysicalDrive0
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E0FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00E0FE5Dh3_2_00E0FDC2
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E0FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00E0FE56h3_2_00E0FDC2
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003AFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 003AFE5Dh4_2_003AFDC2
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003AFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 003AFE56h4_2_003AFDC2
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0015FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0015FE5Dh5_2_0015FDC2
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0015FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0015FE56h5_2_0015FDC2
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0031FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0031FE5Dh11_2_0031FDC2
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0031FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0031FE56h11_2_0031FDC2
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\7zS8343C58E FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DD3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,3_2_00DD3BC3
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E14315 FindFirstFileW,FindClose,3_2_00E14315
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DE993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,3_2_00DE993E
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E07A87 FindFirstFileExW,3_2_00E07A87
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003B4315 FindFirstFileW,FindClose,4_2_003B4315
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_0038993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,4_2_0038993E
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_00373BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,4_2_00373BC3
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003A7A87 FindFirstFileExW,4_2_003A7A87
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00164315 FindFirstFileW,FindClose,5_2_00164315
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0013993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,5_2_0013993E
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00123BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_00123BC3
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00157A87 FindFirstFileExW,5_2_00157A87
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_00324315 FindFirstFileW,FindClose,11_2_00324315
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_002F993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,11_2_002F993E
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_00317A87 FindFirstFileExW,11_2_00317A87
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_002E3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,11_2_002E3BC3
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E1962D VirtualQuery,GetSystemInfo,3_2_00E1962D
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 60000
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59891
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59781
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59672
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59563
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59453
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59344
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59235
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59108
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58995
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58884
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58775
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\NULLJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntimeMinimum_x86\NULLJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntimeMinimum_x86Jump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packagesJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\NULLJump to behavior
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msiJump to behavior
Source: AvastDownloader.exe, 00000014.00000003.67211627665.000000000507B000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000014.00000003.67244577722.000000000507B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<i[
Source: DriverHub.exe, 0000000E.00000003.67225053350.0000000008C36000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWz
Source: DriverHub.exe, 0000000E.00000003.67103958876.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: DriverHub.exe, 0000000E.00000003.67103958876.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.Gallium 0.4 on llvmpipe (LLVM 3.6, 256 bits)
Source: DriverHub.exe, DriverHub.exe, 0000000E.00000003.67225053350.0000000008C36000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.000000000106D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.000000000106D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.00000000010E2000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.00000000010E2000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000014.00000003.67211627665.000000000507B000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000014.00000003.67244577722.000000000507B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeProcess queried: DebugPort
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeProcess queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DFE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00DFE625
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E04812 mov eax, dword ptr fs:[00000030h]3_2_00E04812
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003A4812 mov eax, dword ptr fs:[00000030h]4_2_003A4812
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00154812 mov eax, dword ptr fs:[00000030h]5_2_00154812
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_00314812 mov eax, dword ptr fs:[00000030h]11_2_00314812
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DD38D4 GetProcessHeap,RtlAllocateHeap,3_2_00DD38D4
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DFE188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00DFE188
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DFE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00DFE625
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DFE773 SetUnhandledExceptionFilter,3_2_00DFE773
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E03BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00E03BB0
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_0039E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0039E188
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_0039E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0039E625
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_0039E773 SetUnhandledExceptionFilter,4_2_0039E773
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeCode function: 4_2_003A3BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_003A3BB0
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0014E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0014E188
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0014E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0014E625
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_0014E773 SetUnhandledExceptionFilter,5_2_0014E773
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeCode function: 5_2_00153BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00153BB0
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0030E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0030E188
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0030E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0030E625
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_0030E773 SetUnhandledExceptionFilter,11_2_0030E773
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 11_2_00313BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00313BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestartJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files (x86)\DriverHub\DriverHub.exe "C:\Program Files (x86)\DriverHub\DriverHub.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WSJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chromeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeProcess created: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe "C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=632 /quiet /norestartJump to behavior
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeProcess created: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe "C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{806F96A1-857F-4718-91A2-BB73ECC6E3F3} {8975F7C5-2319-4A19-A97F-ED725B823907} 7752Jump to behavior
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x33c,0x340,0x344,0x318,0x270,0x61f11b54,0x61f11b60,0x61f11b6c
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe "C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3400 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814064049" --session-guid=c06817d1-070c-4c26-b314-8753fc88a392 --server-tracking-blob=MzA1MTY5MTM4N2JkZTQ5ZGEwNDgwODYwZDE3ZWRjYjU3ODFmMzVmMTQ0NTU2ZjhlNzI0OWZkYTFjNWI3ZWIyZDp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zODQ5JnV0bV9pZD1hMzBiOTQ0YmQxNDc0YTUwOWFkZTA5MTQwNzQ1MjRlYyZ1dG1fY29udGVudD0zODQ5X29wZ3g1Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzIzNjMyMDQyLjY2MTUiLCJ1c2VyYWdlbnQiOiJEcml2ZXJIdWJJbnN0YWxsZXIvMy40LjIwIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX1VTX1BCNV8zODQ5IiwiY29udGVudCI6IjM4NDlfb3BneDUiLCJpZCI6ImEzMGI5NDRiZDE0NzRhNTA5YWRlMDkxNDA3NDUyNGVjIiwibWVkaXVtIjoicGEiLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiZjhkY2RkMjUtNzRhZS00MWQ1LTkwNTctZWY5ZGI5M2ZlMmFiIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=EC05000000000000
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeProcess created: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x6ceb1b54,0x6ceb1b60,0x6ceb1b6c
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe "C:\Windows\Temp\asw.5463fcd871ea2a5b\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe "C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US /online_installer
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x4f4f48,0x4f4f58,0x4f4f64
Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe c:\users\user\appdata\local\temp\7zs8343c58e\setup.exe --silent --allusers=0 --server-tracking-blob=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
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe c:\users\user\appdata\local\temp\7zs8343c58e\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=112.0.5197.60 --initial-client-data=0x33c,0x340,0x344,0x318,0x270,0x61f11b54,0x61f11b60,0x61f11b6c
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe "c:\users\user\appdata\local\temp\7zs8343c58e\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3400 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240814064049" --session-guid=c06817d1-070c-4c26-b314-8753fc88a392 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=ec05000000000000
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe c:\users\user\appdata\local\temp\7zs8343c58e\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x6ceb1b54,0x6ceb1b60,0x6ceb1b6c
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe "c:\windows\temp\asw.5463fcd871ea2a5b\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /ws /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:c:\windows\temp\asw.7cdf66164185824f /geo:us
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202408140640491\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x4f4f48,0x4f4f58,0x4f4f64
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeProcess created: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe "c:\windows\temp\asw.5463fcd871ea2a5b\new_180717ec\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /ws /cookie:mmm_mrk_ppi_004_408_v /edat_dir:c:\windows\temp\asw.7cdf66164185824f /geo:us /online_installer
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E115CB InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,3_2_00E115CB
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E1393B AllocateAndInitializeSid,CheckTokenMembership,3_2_00E1393B
Source: OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmpBinary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DFE9A7 cpuid 3_2_00DFE9A7
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exeQueries volume information: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.ba\logo.png VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{7F72A4BB-F25B-49C2-B870-7234F62B9ADA}\.ba\logo.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\platforms\qwindows.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick.2\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qquicklayoutsplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\windowplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qtquicktemplates2plugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\imageformats\qgif.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\dialogplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Private\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\dialogsprivateplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmlsettingsplugin.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\qml\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\qmldir VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-down.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\qml\icons.ttf VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\header.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\scrollbar-handle-vertical.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-up.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\scrollbar-handle-horizontal.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-right.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-left.png VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe VolumeInformation
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\installer_prefs_include.json VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeQueries volume information: C:\Windows\Temp\asw.5463fcd871ea2a5b\servers.def.vpx VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DE4CE8 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,3_2_00DE4CE8
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E1858F GetSystemTime,3_2_00E1858F
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DD60BA GetUserNameW,GetLastError,3_2_00DD60BA
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00E18733 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,3_2_00E18733
Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 3_2_00DD508D GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,3_2_00DD508D
Source: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeDevice IO: \Device\Harddisk0\DR0
Source: C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exeDevice IO: \Device\Harddisk0\DR0
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exeDevice IO: \Device\Harddisk0\DR0
Source: C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exeDevice IO: \Device\Harddisk0\DR0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 3 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 13 Command and Scripting Interpreter | 22 Windows Service | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Service Execution | 11 Registry Run Keys / Startup Folder | 22 Windows Service | 1 Software Packing | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 13 Process Injection | 1 Timestomp | LSA Secrets | 157 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Cached Domain Credentials | 451 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Search Order Hijacking | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | 361 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 33 Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 361 Virtualization/Sandbox Evasion | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Access Token Manipulation | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 13 Process Injection | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
| Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 NTFS File Attributes | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service |
[Behavior graph: ID 1492758, Sample: SecuriteInfo.com.Program.Un..., Startdate: 14/08/2024, Architecture: WINDOWS, Score: 42]

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | 21% | ReversingLabs | Win32.Trojan.Generic |
SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | 17% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
9e52e5.rbf (copy) | 0% | ReversingLabs | |
9e52e5.rbf (copy) | 0% | Virustotal | | Browse
9e52e6.rbf (copy) | 0% | ReversingLabs | |
9e52e6.rbf (copy) | 0% | Virustotal | | Browse
9e52e7.rbf (copy) | 0% | ReversingLabs | |
9e52e7.rbf (copy) | 0% | Virustotal | | Browse
9e52e8.rbf (copy) | 0% | ReversingLabs | |
9e52e8.rbf (copy) | 0% | Virustotal | | Browse
9e52e9.rbf (copy) | 0% | ReversingLabs | |
9e52e9.rbf (copy) | 0% | Virustotal | | Browse
9e52ea.rbf (copy) | 0% | ReversingLabs | |
9e52ea.rbf (copy) | 0% | Virustotal | | Browse
9e52eb.rbf (copy) | 0% | ReversingLabs | |
9e52eb.rbf (copy) | 0% | Virustotal | | Browse
9e52ec.rbf (copy) | 0% | ReversingLabs | |
9e52ec.rbf (copy) | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\DriverHub.exe | 3% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\DriverHub.exe | 4% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe | 5% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe | 7% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5Core.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5Core.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5Gui.dll | 2% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5Gui.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5Network.dll | 2% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5Network.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5Qml.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5Qml.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5QmlModels.dll | 2% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5QmlModels.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5QmlWorkerScript.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5QmlWorkerScript.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5Quick.dll | 2% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5Quick.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5QuickControls2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5QuickControls2.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5QuickTemplates2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5QuickTemplates2.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\DriverHub\Qt5Widgets.dll | 2% | ReversingLabs | |
C:\Program Files (x86)\DriverHub\Qt5Widgets.dll | 0% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://multipassword.com/en/extension-thankyou | false | |

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                  http://www.avast.com0/AvastDownloader.exe, 00000014.00000003.67246026627.0000000007DA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://download5.operacdn.com/4setup.exe, 00000012.00000003.67520205574.0000000004D54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1setup.exe, 00000012.00000003.67520464769.00000000010EF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.000000000106D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.00000000010E2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        https://download.opera.com/311.2.1.40L0setup.exe, 00000012.00000003.67520024895.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          https://gamemaker.io/en/education.OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpfalse
                                                                                                                                                                            https://legal.opera.com/terms.setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpfalse
                                                                                                                                                                              https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=RSTP&utm_campaign=SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                                                https://desktop-netinstaller-sub.osp.opera.software/erifyIndirectDataDllFuncNamesetup.exe, 00000012.00000003.67520464769.00000000010EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://telegram.org/tos/OperaGXDownloader.exe, 00000011.00000003.67179648218.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000000.67187287487.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000013.00000000.67192621165.0000000000669000.00000002.00000001.01000000.0000003C.sdmp, setup.exe, 00000015.00000002.67210287818.0000000000479000.00000002.00000001.01000000.00000040.sdmpfalse
                                                                                                                                                                                    https://www.drvhub.net/products/free/downloadZ%JSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66620938327.0000000005F8A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66622815992.0000000005F8A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66623908375.0000000005FA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://features.opera-api2.com/setup.exe, 00000012.00000003.67354690641.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67234382376.0000000001101000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67234169806.00000000010F9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494401930.0000000001104000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67248127283.0000000001103000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67354927893.0000000001101000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67227686398.0000000001105000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67520280303.0000000001104000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67247202366.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67226882601.00000000010F9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67533096364.0000000001104000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        http://doc.qt.io/qt-5/qtquickcontrols2-styles.htmlSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66644869580.0000000010A80000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                                                          https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_contsetup.exe, 00000012.00000003.67226882601.00000000010F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0AvastDownloader.exe, 00000014.00000003.67246026627.0000000007DA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensedDriverHub.exe, 0000000E.00000003.67110150515.0000000004FF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64setup.exe, 00000012.00000003.67533326693.0000000001087000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000012.00000003.67494651413.0000000001087000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://brightdata.com/legal/sdk-eulaBottomUrlSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                    https://get.surfshark.net/aff_c?offer_id=926&aff_id=13476&aff_sub=aff_subSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.66491469141.000000000054D000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                      https://www.drvhub.net/products/uninstall?locale=SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.66650105823.0000000010A85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayExtraLightDriverHub.exe, 0000000E.00000000.67073751713.0000000000F5D000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                          239.255.255.250
                                                                                                                                                                                                          unknownReserved
                                                                                                                                                                                                          unknownunknownfalse
                                                                                                                                                                                                          104.21.27.152
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          3.228.177.90
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          14618AMAZON-AESUSfalse
                                                                                                                                                                                                          107.167.110.217
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          21837OPERASOFTWAREUSfalse
                                                                                                                                                                                                          142.250.72.174
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                          107.167.125.189
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          21837OPERASOFTWAREUSfalse
                                                                                                                                                                                                          IP
                                                                                                                                                                                                          192.168.11.20
                                                                                                                                                                                                          Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                          Analysis ID:1492758
                                                                                                                                                                                                          Start date and time:2024-08-14 12:37:31 +02:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 16m 6s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
                                                                                                                                                                                                          Run name:Suspected VM Detection
                                                                                                                                                                                                          Number of analysed new started processes analysed:34
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal42.phis.spyw.evad.winEXE@70/1067@0/39
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 83.3%
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          • Number of executed functions: 139
                                                                                                                                                                                                          • Number of non-executed functions: 246
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, CompPkgSrv.exe, backgroundTaskHost.exe, VSSVC.exe, WmiPrvSE.exe, svchost.exe
• Execution Graph export aborted for target DriverHub.exe, PID 4748 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                          • Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
06:40:01 | API Interceptor | 15x Sleep call for process: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe modified
06:40:39 | API Interceptor | 12394x Sleep call for process: DriverHub.exe modified
06:40:49 | API Interceptor | 3x Sleep call for process: AvastDownloader.exe modified
06:40:55 | API Interceptor | 1x Sleep call for process: avast_free_antivirus_setup_online_x64.exe modified
06:41:01 | API Interceptor | 1x Sleep call for process: Instup.exe modified
06:41:28 | API Interceptor | 8x Sleep call for process: instup.exe modified
12:40:10 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {46c3b171-c15c-4137-8e1d-67eeb2985b44} "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce
12:41:33 | Autostart | Run: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce AvRepair "C:\Program Files\Avast Software\Avast\setup\instup.exe" /instop:repair /wait
12:42:02 | Task Scheduler | Run new task: Opera GX scheduled Autoupdate 1723632120 path: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe s>--scheduledtask --bypasslauncher $(Arg0)
12:42:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Opera GX Stable C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Input | Output
URL: https://multipassword.com/en/extension-thankyou Model: jbxai | {"result":false,"interest_score":"0.003"}
URL: https://multipassword.com/en/extension-thankyou Model: jbxai | {"result":false,"interest_score":"0.000"}
                                                                                                                                                                                                          No context
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):257616
                                                                                                                                                                                                          Entropy (8bit):6.701518252422076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:H3RC9MpwQGXL41H9UsWy64Q7WzB1XmrbB1+1FUqHHlsixuOdm12z/Nrv:XMdV4HXmrkRHNuOdjz
                                                                                                                                                                                                          MD5:3D0EA6BA3551AEC4717AB2827319A741
                                                                                                                                                                                                          SHA1:E1273BA1B3D6CDBF93C99B115EF8ACCD84568718
                                                                                                                                                                                                          SHA-256:1573721C06F70D779F5AEBA175C039202069DA15D8526C3CE0C19B8C7FA985B1
                                                                                                                                                                                                          SHA-512:BADE3D768BF435C0ADD77BA377866A59146D22E102932FBEAB08FC10B27B9F5BCC5375ED26EE48847FB57649D706FF2AD6192895780C6924E34CAA7FCCA3514A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):446840
                                                                                                                                                                                                          Entropy (8bit):6.690279428020546
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
                                                                                                                                                                                                          MD5:C766CA0482DFE588576074B9ED467E38
                                                                                                                                                                                                          SHA1:5AC975CCCE81399218AB0DD27A3EFFC5B702005E
                                                                                                                                                                                                          SHA-256:85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
                                                                                                                                                                                                          SHA-512:EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33360
                                                                                                                                                                                                          Entropy (8bit):6.931135692044243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:w+hOcIndhnQsmJ1jmH/XWci5gWk2CSt+e/p35DNR9z463q465yEFHRN7R5DNR9z9:wJ9nQLqHuVdl39zTh6gEl39zTp
                                                                                                                                                                                                          MD5:B262A68778D6117D77DFD88A7F43CA44
                                                                                                                                                                                                          SHA1:839DE1D7BCFB4D91736707194B5F94BFF9285AFC
                                                                                                                                                                                                          SHA-256:A7ED4A417F0C50578F2CA2C5106004DD82F78DD3658A852B37147FC362716667
                                                                                                                                                                                                          SHA-512:4F417D12A86D19773D47BDD50D97BF975EADDF1DBBDFF72EA6EA9BA164E47503CD4BB4FFD9C308567EC1CE0A23C024C24BD8647AAFB68CEC4F747CE668296E28
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):250880
                                                                                                                                                                                                          Entropy (8bit):6.801697899047771
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ah2CMuxNalcGGC4hrQ1U5AE8EmQiqnwTW1KgR5MIKnxWVE7r:uxNAcGL4pQ65rBnwTW1KC5cnxWm
                                                                                                                                                                                                          MD5:60BF20C3CC7A98169465CD85EE833D67
                                                                                                                                                                                                          SHA1:D562FD487CDBA1EEBAD05D39DF4E143ACD9A50F1
                                                                                                                                                                                                          SHA-256:3EEE52D6389E9F12FA38F71247656C414BA675A96F7FA9987ED598F5963711DB
                                                                                                                                                                                                          SHA-512:D7A7859A86EECAADFDF6F5001595A331F5FDEC16112C5B9B6A314EB55C9EF49966A74F45E4EAA9912B0F2FD76E867C2AAAD4698B396989EB6532AFE53E4E8F67
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46672
                                                                                                                                                                                                          Entropy (8bit):6.857457630149837
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:a5iIy2dzHxsLj8OVUkKJoc7dvfq9znggEl8ULq9znrd:a5iIyYbxk8OakKJoc7dvuzngZ8Lznp
                                                                                                                                                                                                          MD5:C1FF4738F68A0570720F695B5A4837B9
                                                                                                                                                                                                          SHA1:C7BA41BA8049409D2EA5A3B4DABC2499837CD60F
                                                                                                                                                                                                          SHA-256:1B940CE6E0791B41538F475FF97FCD04156C2CAB924557199B57736D7EA510D5
                                                                                                                                                                                                          SHA-512:EDB1FD8EFB8B45474F43472A88A404329C0E756E1EFD9F3FB1EF2C800CDF64BA705CC7A339650CF0E2978E8D38FE42A16CCC86FAAF6630986E3E2E01BB03E632
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30288
                                                                                                                                                                                                          Entropy (8bit):6.991930067735414
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:VWTrbNQJMjsOkWiYEWDeiCSt+ewnR9zxqSQBT35yEFHRN7HR9zxqSV/nkh:VWbNQv6rdy9zYSo3gElx9zYSVvq
                                                                                                                                                                                                          MD5:D90414F90993F195846C25140D47566B
                                                                                                                                                                                                          SHA1:3D3EF684D63BC62EEF8CBE09EAF0EE88159FC17C
                                                                                                                                                                                                          SHA-256:AF5645D93635823702F00E12C0C8D68EEA5D2F20EDCEBFDCF5E076E50A9CB64A
                                                                                                                                                                                                          SHA-512:BD4D3E4681D766449F743A924783154A5916A85FFB72F2F0EF43EBBF8380869D58CED6F56E31534F8B70FEBD4EF5DE47A9B1760478966C5D26ACCD7173FDE45F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285296
                                                                                                                                                                                                          Entropy (8bit):6.61257647545177
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Y4LZVoJFIIJcwnb1ykRyfSEmUAAvUT0yTWu1BhbkoOOd4+5Yd74mMHheB22zaSCL:NoJFBnZYDmL0yKu1BNWOf5YdvG4C
                                                                                                                                                                                                          MD5:934C75ADFF9036378FD34F526C6641A1
                                                                                                                                                                                                          SHA1:0B9572EBE4FC49EF2DEF824327EFCAF9C9B90DAF
                                                                                                                                                                                                          SHA-256:B4652ED190EEBF59D4CA8BB340CADFBCFBB7A32ABB893D57AC49B1F22CFA0861
                                                                                                                                                                                                          SHA-512:A00B1BF0F10437A680C332E2FCE287C194B3CF666E985ACF047CEBE755596B15F99BAD5252B6A2244AE8805E24218ACA2A898E63C28CCF515D75232410ADD6E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):91104
                                                                                                                                                                                                          Entropy (8bit):6.919609919273454
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
                                                                                                                                                                                                          MD5:9C133B18FA9ED96E1AEB2DA66E4A4F2B
                                                                                                                                                                                                          SHA1:238D34DBD80501B580587E330D4405505D5E80F2
                                                                                                                                                                                                          SHA-256:C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
                                                                                                                                                                                                          SHA-512:D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18886
                                                                                                                                                                                                          Entropy (8bit):5.423654302876363
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:p1nQmx/h0evKVb24OIoVb24O4kFjnwEosWRUpk:p1nQmx/sVb24aVb24gM9
                                                                                                                                                                                                          MD5:C025E8FB4E7FA84D31431DA505D50E17
                                                                                                                                                                                                          SHA1:7C1706E80BC2941C8576C143AE5EE0871FBF93FA
                                                                                                                                                                                                          SHA-256:87FA8C809793F920D025541C03DD944F2B2BDF5C20E72C56AF981BA7FB4D0971
                                                                                                                                                                                                          SHA-512:E05E2FAA2D307D32EBEDB493A37CA0A1EFF33E0B82AB7A2A3ED55C0D1D7280D813D1CF6B235E1548AE021EECC8EDFCF7A24A2EEC61A1CBE55412CA2D3464E7AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...@IXOS.@.....@.5.Y.@.....@.....@.....@.....@.....@......&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7};.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135..vc_runtimeMinimum_x86.msi.@.....@o.&..@.....@........&.{83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{F4F89385-AC80-4040-ADA6-06D37B69832E}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{A2E7203F-60C2-3D7E-8A46-DB3D381A2CE6}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{BC0399EF-5E9D-3C7C-BFF5-5E9A95C96DAF}&
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):19890
                                                                                                                                                                                                          Entropy (8bit):5.311529710909453
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:p1eNjVmXWk0Ve2SD4QsUh+nrMeeXKtAIOIwtAIO5Znw0WoLs1Eg8ISEqUpso:p1eWmk0Ve2SD4QsUh+nZ1S1YwCQBSE/
                                                                                                                                                                                                          MD5:197D98CDCE71DAD1889D1F31FEB415F3
                                                                                                                                                                                                          SHA1:82B4D3C6D5FAA6FCE29287B6B839C18CF2B0B4E6
                                                                                                                                                                                                          SHA-256:EF506A09D8E656A847E2386AC0A81BB5C9250CCBD6E9C5D10FED5F3870DDDBF0
                                                                                                                                                                                                          SHA-512:598220EF14EA4006C33405D969476EF6F7A2ADED0B74AC1162D8CE4366B2854569DB9AB2B02F11BEEF092F55F8662AADFC4C0AA5CDECCDA8AF0F6ACD2264997F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...@IXOS.@.....@.5.Y.@.....@.....@.....@.....@.....@......&.{9C19C103-7DB1-44D1-A039-2C076A633A38}>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135..vc_runtimeAdditional_x86.msi.@.....@o.&..@.....@........&.{29E9ACD5-6C1B-48C9-A316-358656F83B42}.....@.....@.....@.....@.......@.....@.....@.......@....>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{946D6FA6-49BB-3415-AD2D-4D634C432CF0}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{E533B148-A83A-3788-A763-0C6C4
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):340
                                                                                                                                                                                                          Entropy (8bit):5.0559584011130525
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:DkbFCF/nFF3i6y72OKc6yk/2HWfZOcQyV0GDOxasMK:eCFtFDcIb/uYZlmGSxX
                                                                                                                                                                                                          MD5:7282852E37095B043D99A678B8C31C9E
                                                                                                                                                                                                          SHA1:E9D22FE2A583FE7D6ABAC0535256D3BEBA62FA9F
                                                                                                                                                                                                          SHA-256:EED093D8D23DC0F8A1B001BC6B59A31C70BD52EE85B3917E18AFAECCA788BF3D
                                                                                                                                                                                                          SHA-512:8A675373DD92BB0C1AD0D8EA616F391606BD344199AA7CD21499E31EFA29AEE839952EF3024FE1BEDBB6D4ADC4136B17A795C581E508CC0BEE45AD42D2E0C05D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:Some DriverHub plugins use external libraries and make extensive use of the following persons' or companies' code:....Qt - Copyright (c) 2018 The Qt Company Ltd. - LGPLv3..libcurl - Copyright (c) 1996 - 2022, Daniel Stenberg - https://curl.se/docs/copyright.html..OpenSSL - Copyright (c) 1998-2019 The OpenSSL Project - Apache License 2.0..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7722672
                                                                                                                                                                                                          Entropy (8bit):6.315240416411671
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:IIU5T6PFTz4Xg9WDoV/ih8z+3ggJ3rA39F3P3AUnF3h3tdY:It5TmiN53gW3rA39F3P3dnF3h3
                                                                                                                                                                                                          MD5:9E73D5B139958CD42A7067CBC44810B7
                                                                                                                                                                                                          SHA1:E512B164EFC1A6EF49DD1C54D542F981DE23D0BF
                                                                                                                                                                                                          SHA-256:45B6CC6CA166CAD70E6DD23E9E0228B7A9E4A92C18B185ED6D1BB1DCBCDECA7F
                                                                                                                                                                                                          SHA-512:C94E1F03DBB5D44FEE636648FE67C7C7B2FA2403E389C0FE791626020697D07D0F18F582FB02803FC72E5A7C7EFB55DE24A16E93C66FDFEA10E9086CE209BBFE
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 4%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6996656
                                                                                                                                                                                                          Entropy (8bit):6.688002880659369
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:uk5Ks09i/N1TZkjoaTdH0U18SdgP7rhfVWpVUJZSjM+FU:J50IZWoydUUm5Pnh3
                                                                                                                                                                                                          MD5:4846E1823AD2A75FC83258CF1E789748
                                                                                                                                                                                                          SHA1:50C21E68F7303F31D64EAFE3EC3014C2A40A28F2
                                                                                                                                                                                                          SHA-256:E859B84E82C4B3B5EE4C82D0942FBC1135D72C69FC1A58290E91C905E17A0BD7
                                                                                                                                                                                                          SHA-512:94ED8504775760D626B7BB7DCA8166973BEC2CE95360124C519F87EDA35A31871B541FA59D537BE89B0F74D98B386869E54475B19153C0740F994962F6A809E7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 7%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5099
                                                                                                                                                                                                          Entropy (8bit):7.93135125589649
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:bdeVmk6dKSRMqa/DMD4hKzLQeZxsvrY8zy4einJK7MaxnHqq0REMP2l2V1FYzGk6:bZdKS6/DMPrLsvlzFe0JK7ZxnHqnEMPX
                                                                                                                                                                                                          MD5:451B153070269850DA133D4E493A1BD6
                                                                                                                                                                                                          SHA1:D82171A62800D8E8454C990266A55E28F69C207C
                                                                                                                                                                                                          SHA-256:91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
                                                                                                                                                                                                          SHA-512:3893366BC15C842E3EB4423B0695C40203601E536DD401B020FA63B8720079B2C1F3D3C7FED2B3856C5CC5C9D651722E0B77C665FB18482F18B499ECC1A8DBBE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5366392
                                                                                                                                                                                                          Entropy (8bit):6.855859322558378
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:EKVcjaq2Ox1PwKlRiZjZ+0OP3wqz3TeJsv6tWKFdu9CEcPk4VHEYI9CV4e0BSNm4:d+sKldPhzCJsv6tWKFdu9Czv5Xgwrj
                                                                                                                                                                                                          MD5:80A95EAC18B0D41D393B3F72CF03CCE0
                                                                                                                                                                                                          SHA1:724EB57BCEA953E132577AC540AA4ED0851DDE17
                                                                                                                                                                                                          SHA-256:2059AE8AF9B3ADC40E3FBAC46EDCE469A5A3340B1A42C0E2B0F79FCFAB838ED2
                                                                                                                                                                                                          SHA-512:B17D526B2AE9E39D4DD3FE452AE9E2460801B542B4E6D396A0CB86B7486D10615D673AC85CA313190EA9626832A736EADBEC4017608C9FBCC6966749EA84540A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5984888
                                                                                                                                                                                                          Entropy (8bit):6.8027540937852695
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:ku7oz+cQB5Y3tL205B7++e5MbrvUsGj4kQBTvDPMoKy/gJ/+dK+m3j+xWpDcYQl4:kuKJ2S+VavUsGcv7cL3iuDs4RX
                                                                                                                                                                                                          MD5:DF758556C1235D3A7E0CFAC2E060A465
                                                                                                                                                                                                          SHA1:91FA26C8641CC13ACB7030179AD286C73DBE2C02
                                                                                                                                                                                                          SHA-256:A383BC6B268D1E1B344414DDBDD400843649C61AD45C6018CA81EC0EF535B0DD
                                                                                                                                                                                                          SHA-512:9D14CB74388FCD49E28FF35E399C4C244440BD9AB31AE68459A6A613DA7C42C1172E0F4C13F11DC30602759A6B8C815A80DCBAB3D9D75F15F18CDA4F62849467
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1059960
                                                                                                                                                                                                          Entropy (8bit):6.6757903647954695
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:RZuT8NTGHYYiPFHQBULr9RFGdw1wU1tcGYtDhwvW3Scj2nT8wsYK:RZuT8NTGHfidHQBU8dwp1+GGhMT8ws3
                                                                                                                                                                                                          MD5:4CCC16253F60FC8C06475BF936C8D168
                                                                                                                                                                                                          SHA1:143AEF75820ABBA5BCF80EBA477079CCD7E14A1B
                                                                                                                                                                                                          SHA-256:DF013042C338346B30D2E33A9895A6DE8D6A6EE785406996B4A523957AB10A2E
                                                                                                                                                                                                          SHA-512:C5F881711C183E87AB069430634F9BD98851324FBE27563472D4DD59B05096E5CD3134D178D79083B8C98943E509FDC5C14696D60B9470BE233B1FBFE4C6A4B1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3161208
                                                                                                                                                                                                          Entropy (8bit):6.582689015321756
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:N+fEOhE+7t7sOMpgTpnKNrSdSG779LLLS/o/L4YqoY0Xba+mRR3+5Q:N+25pgT8
                                                                                                                                                                                                          MD5:D3939D46D3756542C4EAB1DF9207A776
                                                                                                                                                                                                          SHA1:51A3EE6299A765A29DEC03C45058D8499BDA0685
                                                                                                                                                                                                          SHA-256:CAAE45FCF9538B4D5994491A322AACC9854BDEDF054B681CD21D8EE38D143673
                                                                                                                                                                                                          SHA-512:B33E904536859CA78D7667A9C0888BBB41467405CF4DD66EE6910F65B33828439AA904D2AA35FE23CF11D330E056104869AF20791150A82587CADD638CDF3FF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):353912
                                                                                                                                                                                                          Entropy (8bit):6.629875532567727
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:9c/03N6AAD37+9WiMVplQCbCxlpPYZ1APaqqh9AOpRLBNSWbSA:FoD37+kLQ97o1mkSA
                                                                                                                                                                                                          MD5:76FA20EFDD6DC4B7D6978DB8F161ACBF
                                                                                                                                                                                                          SHA1:AB9924581C1EF8F470176E7A5FAB9C6C2B5AEB9E
                                                                                                                                                                                                          SHA-256:114B9181F3AA55F448030492C63260DA3D1E72A2551F3D55D1F8E5B88FB9F336
                                                                                                                                                                                                          SHA-512:7EA19C4DDDDFEA9FC98B28E95953EBB212545B52F633C3CC0F08513B9DE7FC2A88E9A7C0200462EAAB12CF02D72D203E030EBD8A190581048BE3A3628EA8029E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):49272
                                                                                                                                                                                                          Entropy (8bit):6.47508786067958
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:0z9KXx97kRig4XgM7uSew5M0kZRY8P+16sfl3HXm1B77mzJ:0zEXD7kf+gU7ew5aZ+a+16sflnm1B7Cd
                                                                                                                                                                                                          MD5:DDC3CDCF3D9D2889BC5710067ABBE9B5
                                                                                                                                                                                                          SHA1:A0F12A4E49BED351624C6C9AD90A938A06DBC4C0
                                                                                                                                                                                                          SHA-256:3B532CAF148737916DFE3FB47B79B28E5E56BE2A6715460DD6C8F7B68730ADB5
                                                                                                                                                                                                          SHA-512:E69DFDC12A3260FE782AC597258B6F65F1AA6ABB9D56EF66364D6DD121FEDFA11FD5B7803FC3C3BEE99A554B27F807E4AFD1B8F1C3162F2C1B8EC6C448E06917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3532920
                                                                                                                                                                                                          Entropy (8bit):6.746525997275407
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:DWAxAyPMh+6UI0+Gu8wXHm3EVHOaLh1esXHBwiXYuSM5ujOwQsGUYD3F3DV8Lu+F:ghLank3wiO2pvzisTuEpEsT8
                                                                                                                                                                                                          MD5:07BE85D99D1ABE75BD0221C1CE03C4BB
                                                                                                                                                                                                          SHA1:BCB35E6937499AFD08805D5E634EA222B0A0E86C
                                                                                                                                                                                                          SHA-256:544D0AC18788F8D72615C5E084034066F9966D3050C300B38A667FCB8F0E7E34
                                                                                                                                                                                                          SHA-512:D5AAC5E1A95D20E9E9B74C8DC1A6465B62601ED5B95D979B3540AC7E1AC388458DBF00D82933C810E03780655623BA084A5F0A13988B82AF98C871081260939F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):146552
                                                                                                                                                                                                          Entropy (8bit):6.585172415541417
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Bc3ZWeY/5A3zu9UFX64YShiROHq2NM5XEE:BcpWeYysSIROHq2ub
                                                                                                                                                                                                          MD5:09B895E2D6798E00472B965D80D8F3B2
                                                                                                                                                                                                          SHA1:3BF36AF5CC9F18D2F55C366FA59D010A21AF5C33
                                                                                                                                                                                                          SHA-256:F4DAB635B68D027EE9E109CEFCA62CBC1BB9FC6C8F5D2C66E70159A76F844C51
                                                                                                                                                                                                          SHA-512:D25E2F7D80F15FDBFC8E0D321D6C25C562271469D01825D8608530FF30EE62F5507BE2F5EAB6AC29EB3EBB2DD5EBBFCE6D58BAA343DC11E4A075A2E293980B69
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):948856
                                                                                                                                                                                                          Entropy (8bit):6.611578418543604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:9x3GpG0gWJ2xVc/Guc/qbBZfSRpd4A7vwz:lebs7vW
                                                                                                                                                                                                          MD5:37A04C3F1B27D7B2E34BF60C5EAAA3C9
                                                                                                                                                                                                          SHA1:1D6E44C1F5D7A879BF0D13B3AED6BF70DF8499E9
                                                                                                                                                                                                          SHA-256:85E2728969FB0F4F5A66F6438E8E719F64BE70AC868E364037E5F2F4B9BA3D96
                                                                                                                                                                                                          SHA-512:3311FDD1DA21551CCDEE9DBBA02296B71A1E8DCA01988765E1EFE78EDF47C504A89649BDD9DD641ED88B9CEA7C7CF767874086137269542EB96E1741C1DA8DF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4482168
                                                                                                                                                                                                          Entropy (8bit):6.834247944875884
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:Z3j64Df4L6mmJahTjikXr35/VN68aLDnfDd:DhJqTrJ/VNKJ
                                                                                                                                                                                                          MD5:CD41B766612B7B65DF6F062A405A33FB
                                                                                                                                                                                                          SHA1:609AE9A2AE8AD4C41C5D1282157354610E4768AB
                                                                                                                                                                                                          SHA-256:BF37AB90776BA011EF345913EBF5BC1176B651B846F0288B6A25716E676D82A5
                                                                                                                                                                                                          SHA-512:C78094F2CC9F06652D8E9794E19AC3529B830B0438324FC8FA9C33802344E429AEC4F1168C9C0285EC3E545F36415A1489CF86A6FAAA927593180B6C13753E91
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19778
                                                                                                                                                                                                          Entropy (8bit):4.506742249246775
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscGYxn/aZdntlAb82jPiDJRlGHyNbVMl6wTzBwtv3o7i6q3YrcAvk15Gflp:nDGYxnSb1mzB6+irokDGfj
                                                                                                                                                                                                          MD5:46BDDF3E69B845AC1C59C7352906FE38
                                                                                                                                                                                                          SHA1:9C4DD7507DE1F8A90F3AA2C2935C97700C34CAE5
                                                                                                                                                                                                          SHA-256:AEB67E09E08878484F0C1351A88F823D4A9D063C59EF33F56399747A2F058641
                                                                                                                                                                                                          SHA-512:005B22AB8CD2288D2B8B2D1BE29F2C335BA936E4AB5D4BD966396BFBAF5D4CBA19857BD0C93308A1078742BBD79D3CE4DE8C7B745EF7DFB8DA85E865090D17DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6585
                                                                                                                                                                                                          Entropy (8bit):4.598695759616129
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9ebNyJUHCShU2sKzlGbSjBV5VCVJys8s8sWWr:ndzgUldGcQWYJ+asieWKNUUxNwl6E
                                                                                                                                                                                                          MD5:4D10A854471E82FE9C1639FA31C650B7
                                                                                                                                                                                                          SHA1:B2D967E879B24C7CB10F41F0643DE81A303B9A11
                                                                                                                                                                                                          SHA-256:98060BFD123D2EE8A00FC6E9EA1C769390EF449CAE69343B84B3D3602769CBB1
                                                                                                                                                                                                          SHA-512:7A192630C134AE54DB3DECE1594DEE9A077131C890BC21DED37E7B617A3EE9839B5B7212460CB326E6DE2F5E42FB628B4442C57AC23312E19C1B607F978C02D4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5095
                                                                                                                                                                                                          Entropy (8bit):4.707590936577697
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9qNc/XyU2sMlGbYAJeIcAeYLCYG7ECyNfRjE7:ndzgUldGcQW+ReAJdcVYL3xNwl6op
                                                                                                                                                                                                          MD5:CA164AC3D826D66663092DACF1346749
                                                                                                                                                                                                          SHA1:A49D104698F9262F05A2B79D0E37E3B7CC286A0D
                                                                                                                                                                                                          SHA-256:30D97360EFE13C029774513E6176BF68C8FAC7C87F8E03DDE458C8321784BA12
                                                                                                                                                                                                          SHA-512:9E29605EA07E61353792AAD17B60B39E50C79C2DA411745838C49ADAA262EB17C47983B516604C52BF1B7B2A0B3022643B48F0EA24C29A8ECBF026D2867CA7AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7876
                                                                                                                                                                                                          Entropy (8bit):4.538071539723452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10264
                                                                                                                                                                                                          Entropy (8bit):4.632756205734315
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5079
                                                                                                                                                                                                          Entropy (8bit):4.6854391471828505
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11031
                                                                                                                                                                                                          Entropy (8bit):4.666918441303095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7217
                                                                                                                                                                                                          Entropy (8bit):4.622194749790818
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12506
                                                                                                                                                                                                          Entropy (8bit):4.41298894510231
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foun
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13881
                                                                                                                                                                                                          Entropy (8bit):4.530949121957846
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6235
                                                                                                                                                                                                          Entropy (8bit):4.646552357232257
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9cWNcDU6gk4aU2s4X8dGbFA8NwHlOvu/sJYvt:ndzgUldGcQW66g0uVsvudKNwl6FI
                                                                                                                                                                                                          MD5:9C511E64D3916DA3EEFB6DC01DE7D858
                                                                                                                                                                                                          SHA1:112E4A7B63CEACF737063C1B55FAA3A478D0EE47
                                                                                                                                                                                                          SHA-256:F44A77C8067D0E0FEB45CF34DCF903CE5DE259C481E78E853EDA7B9340CD9761
                                                                                                                                                                                                          SHA-512:4BDFA8596D3E72519F5F1A3E461AD9B8202B9A5F075CBE6FF6453F613BB4FA7F39128193ADF040554A9BD037B8D058B18587E85F73289E83F0DA32381A83A056
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13601
                                                                                                                                                                                                          Entropy (8bit):4.592209063442914
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:nRscGS7ilRz/iv6AT91jCiGh497mMMDJfsYI7GpiZPdt0jIvficiLo:nfGSsOKhS9qTsYI7GQZg0HiO
                                                                                                                                                                                                          MD5:47B6F3D0C1CC49B0C3AC0DAA853CFE99
                                                                                                                                                                                                          SHA1:94F1CF2AD1A44C68BE2913530AEFC559B1CD7762
                                                                                                                                                                                                          SHA-256:5445B3591E89D696E8B2077AA35D3FEF9759F63E1A4D54D0EB4821DF3D258A74
                                                                                                                                                                                                          SHA-512:EE0A66B519ACAB711980D4CB98A2CD436B8AA7124ED72A0E6633443565211C5D4B68D361B909218ABBFF3F1A59082811B10CA03D9FAAAC2B26F9433072C2F711
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foun
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10025
                                                                                                                                                                                                          Entropy (8bit):4.44241789855634
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:nRscGiaShPFtc/z/iv0/iv6M19kdywWULh:nfGiaSpFa0GD
                                                                                                                                                                                                          MD5:517A0AD29EC812A277469AAB0E5359FC
                                                                                                                                                                                                          SHA1:5354D65E640C5DB8012E36E19A0BC6CDE532B0F4
                                                                                                                                                                                                          SHA-256:91EB6624C489C506C54ECAFDC1EC9703A26A664995C833BA74B69D3F48C09B18
                                                                                                                                                                                                          SHA-512:809D2E10BCDA518FC1959F1EB8547DB0B604BFBD4A3C00C5150B75BD093CFB0FF07421031A014E67EDE75AF7151956F63CDCB4FD913BEE9344015F058CA8BB6D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foun
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7419
                                                                                                                                                                                                          Entropy (8bit):4.551795677868133
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscG6u7i5shleXBbwKg833KpNKNwl6Mo:nDGhKhMo
                                                                                                                                                                                                          MD5:27721C5DA4FF5FEDB10808941D939E9A
                                                                                                                                                                                                          SHA1:F3309F93E9F4387C5DA1AA395BEA04EC67CB8FAE
                                                                                                                                                                                                          SHA-256:47E9054D530990ED45650F2ABD8E9212A3FF5D63B2E20AEBB249B3F414216602
                                                                                                                                                                                                          SHA-512:FC3FE0D96120D5213C344A35761AD09E6377FE2ACD145D91E3A3812A9C3270D40797CC7DA6C84F365277E21DCCB872135078B686F53536A9FF005C15C91180B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12859
                                                                                                                                                                                                          Entropy (8bit):4.38678757261808
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ndzgUldGcQWntfslJqz5Wa32hoASjcB8wPZ8:ndscG6fEJHa32h/lPZ8
                                                                                                                                                                                                          MD5:4923D3751EB8B78D8A459D2EFEF66948
                                                                                                                                                                                                          SHA1:331250B29A4E6E934A5C4C3C09203A18D8B5416A
                                                                                                                                                                                                          SHA-256:0BBB5AF2E58FF3696937560DA502DC844D792A26E1EFC73F7A5165E410224386
                                                                                                                                                                                                          SHA-512:6026945A2A02C426FF990F72AA752D4B6FE6EAE184D033C843638D79EA5171DB621CB9A80622FB12D0EF8623FA14A133BFE1B78DEA35B0D2333E10A8EBB712B3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15891
                                                                                                                                                                                                          Entropy (8bit):4.556057731614295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:1dsgUldGcQW62Jm7mNWiEyNCNPbjbdKNwl62/+e:1dRcGbrmNWiPY7KNwl62/+e
                                                                                                                                                                                                          MD5:6F9FB56C6BED19906E1864393C76ABD5
                                                                                                                                                                                                          SHA1:E4A6F84CCE7885E9970F048677213D1EE7470296
                                                                                                                                                                                                          SHA-256:87B2ADE3F9E6C5C7B0E5F2EB2F1EF9F0E543D428FC62ACAD58CD8D3A9FD7B188
                                                                                                                                                                                                          SHA-512:6B0314D75B5968957AA69EBC13B72C09C2A5C85ED30AA1B76E70C3B10E086E6E1A2A1882E2BD7334835481E0907BAA5D1F43AD14F06EAC1273D770DC22CCDF10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/*****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Add-On Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..**
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10829
                                                                                                                                                                                                          Entropy (8bit):4.563214234773607
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscGbAX18AIIe1IefdLSacSS935aX9l63H:nDGbAX18AIIe1nfdLSacSSVX
                                                                                                                                                                                                          MD5:0C441705CF894B52EA283C9A0B72C1F9
                                                                                                                                                                                                          SHA1:F82C2B2E00D906176F90A5E53A53A747303146AE
                                                                                                                                                                                                          SHA-256:21F3E2CF42F8A429458008EFA155C6EE984FD9D2D96FA5B5C9B027AB9BB45EE3
                                                                                                                                                                                                          SHA-512:F52E3E111D9EF32F44D77D304378BFF3E9ADA3E38E740A872D6A6BC84F87037F43FEAA8844C993250C35E0A7CEE36DC1D01FFA09ED8E36EEA8F12834C8911EBD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7807
                                                                                                                                                                                                          Entropy (8bit):4.639117118840595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:naizgUldGcQWO9bDMb4L1EKimatisMRA9ryd5P:nRscG1pIUL1GMR8Od5P
                                                                                                                                                                                                          MD5:E1547CFA62DE702D4E06A8312396FF74
                                                                                                                                                                                                          SHA1:4DA2C91538D8B81C640BF4F148A07DF57AB2EB27
                                                                                                                                                                                                          SHA-256:70B5C9437F093FBC2BFD448C7C088C0A27C1141E5F592C42A436AE8F19CB0143
                                                                                                                                                                                                          SHA-512:0FA55542D60493B431C0035C24F094DC0C044AA1A5982D0C67B07E4792B063A3FFD4FA4858BCC92D5781BBA22E8EA78D1CBEA806846C0823A158FC74A7D1AC0F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foun
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5585
                                                                                                                                                                                                          Entropy (8bit):4.685627644589191
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9ONXU2sorhGbHasxGDt5EYG7ECyNfRjEXGqaA:ndzgUldGcQWQLDxoLVNl6l
                                                                                                                                                                                                          MD5:41BAD5D7D181DB5BA516B5006E79E9C1
                                                                                                                                                                                                          SHA1:407538F15D386CBAE91281A981EBA1F8CFC05E06
                                                                                                                                                                                                          SHA-256:2E3DE7C4034B1F9D3376A827CF4A9A910E36431B5D5C5D002C2FDC2ABC05056E
                                                                                                                                                                                                          SHA-512:07644CD9C91C039E6C872B6ED3774BFF860F96EFF2188F3A014B393B3FECF735DA599A6B21B3367D1948B3484BAFD893F6B89149A45B912F2CF35EE755D2121C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12345
                                                                                                                                                                                                          Entropy (8bit):4.66784524518964
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscGGHNtsOt3z2xNhZl6S+JU7NkdkMDiiFeXaTn9:nDGG12xNhaSgU7NkdkMmiFeXaZ
                                                                                                                                                                                                          MD5:0BDA852F4A3DA9E70944CB9B324139BE
                                                                                                                                                                                                          SHA1:49226B8F2BAE75B5209AF9BD65AF6FA73B25EF1C
                                                                                                                                                                                                          SHA-256:65D16512749C9B8F307265434A4C09BAB3188E49C4EFDC74065FB1F4F0FBCB70
                                                                                                                                                                                                          SHA-512:173BBA2F258E4FE8294F3ECE2C63FF3314146A367F5F786335EADC73B84251E4E7AAF42BDCBE640C63414A467ECF7ECD728F48D4D03C31021A16A2FEC94D9863
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13745
                                                                                                                                                                                                          Entropy (8bit):4.494703020202901
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ndzgUldGcQW7ByvGv05ahXcPG+6Pi2g+7/YHzo135aX9l6lrik9niAjC:ndscG/sMcPii35aX9l6NX4
                                                                                                                                                                                                          MD5:ED1B7F1AE4D19D1151383FB13E355979
                                                                                                                                                                                                          SHA1:1206793A0E96BCCB75D27C569B61DC8A281849EB
                                                                                                                                                                                                          SHA-256:92BD66E1097F20411A27741A346C88E47B6F9EC6B560FE5A4BA2F756B4418AEA
                                                                                                                                                                                                          SHA-512:7D17B7AF9E6E8E13B770B1B7B5FCB4B75EB6593C81DF87B70ABB1F61FC48166E9B300271F06088CE42D20F83D9CC251E2B8E5EDF11DA74E256DE6F81541CB7FE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9305
                                                                                                                                                                                                          Entropy (8bit):4.537386224718856
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ndzgUldGcQWkXn0HNUJAsRmHSuMTmtnWxbQ9VJ:ndscGz0HuJAsRmHSuMTmabE
                                                                                                                                                                                                          MD5:026A4FABB695B3E2BA6C446A464C2BB6
                                                                                                                                                                                                          SHA1:7EAC97EDB6C66FFCA0326697A1C3BC03934726AA
                                                                                                                                                                                                          SHA-256:D42A02D92090166EC878425F28061034C976F3012D1AB6663427E22F84775B41
                                                                                                                                                                                                          SHA-512:4E856E3CF388095FADBD93AEB41613E6BA659BA27EA1D3F7328045C3A05981B0631750E2DEBF7A37D29CAA158B391AE40ECDFEEDE90DB1A0626FBCD8525D61CD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11649
                                                                                                                                                                                                          Entropy (8bit):4.575505434264538
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ndzgUldGcQWlbSOF3vHd9eTG8YKCtdbQxiXd6lM54EMzefgbEKaGzSJAIWPkCWN7:ndscGyvF/HTrJ4n9yQBuqIWwRp0LxW
                                                                                                                                                                                                          MD5:5856FB30F65717A3AE1AF8985F9EF38B
                                                                                                                                                                                                          SHA1:22B2DDB2226907F3C5D9554DC65120F8721F02E5
                                                                                                                                                                                                          SHA-256:A15EC6D00168B3369004C406E513A71C1C1082DF2F66EA086A9B956E23189E5D
                                                                                                                                                                                                          SHA-512:D69F9E99E95E45E6EB269F39074EC5107EB81D721F65B952A7F316B080C53D5886C194AEF02A1C1338BE6CEB4B42C2E6CBFD1FF462EFA3406025EB1CF19822F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7462
                                                                                                                                                                                                          Entropy (8bit):4.5825621177486955
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy98N6D+U2sPrhGbHoxGDtlGHyMwRQM/MMM2GkV:ndzgUldGcQWgMoxoPqKbTmY
                                                                                                                                                                                                          MD5:14B0BA19DCDB591AF93735CED2B235F5
                                                                                                                                                                                                          SHA1:E78F75E1C8453A98AA0A7BCD0A4F08B5FFED092F
                                                                                                                                                                                                          SHA-256:2F3593F4FBEC921A1DE0331C443505B0F70AA2E40834C5A1175E298874585B46
                                                                                                                                                                                                          SHA-512:8920FD4F081738E5A21F40DEB78061DA0AE27B8324DAFE4B96E01C1EC99E9DDC3D9F4E070DF6F2827F508AB827E6B43013618DDFADACEC86DDB8CBFD74E06C43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11760
                                                                                                                                                                                                          Entropy (8bit):4.654708081969159
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscGl6axN/+QCpKYhZl6/UVBsqeiXabD9:nDGf6pKYha/UVBsqeiXaN
                                                                                                                                                                                                          MD5:549BF8839B5460FA531BF5EB9AD8079E
                                                                                                                                                                                                          SHA1:C44C223BEA82BAB57554120B7569465633D0774D
                                                                                                                                                                                                          SHA-256:57D3FB9FF4D4F5D3CD33FCBF45EF156CC74A3BD1A39A76CB6BEAF98F86766DFE
                                                                                                                                                                                                          SHA-512:CB29397C53050F73BD08B7B97AD7F8B6B5C0F1C78E9B600BCF8AF55843B0531DE815133ACD3B18BBCFCCC95FBFAE3F411335C05DAFE7D66EB8C3311E372F83D4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):327
                                                                                                                                                                                                          Entropy (8bit):4.927041556088633
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:IXsKNhYs2FUbJotxLfyj58NS20t37+ASekQ2JdHE9ItULe8yAJZ4Pm:I8VFJtx+L7Ix9E9uULe/Av8m
                                                                                                                                                                                                          MD5:C76BD51B4EC5299E2CC9EBDB505AB848
                                                                                                                                                                                                          SHA1:430083140E4AAB9ADBF39AD81E2FC820274A82A2
                                                                                                                                                                                                          SHA-256:6350C17D1667563EB1DFBA75FE5C4387CCC3F18F8EA1E266648F5DF463C1CCF1
                                                                                                                                                                                                          SHA-512:88068751E49C91D6309098BCAA76A6437ABF36EA1C14174E250ECF5B0F4A55A85BF42607D7B4CF61393D8B7DAD41C2DBAD3A4D15D3726667FD572E06F9B5B40F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtGraphicalEffects 1.15'....Module {.. dependencies: ["QtQuick 2.12", "QtQuick.Window 2.12"]..}..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3802
                                                                                                                                                                                                          Entropy (8bit):4.836210598784799
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:M0iOO6E+iCshVKzlOWGf0hEVufy9OtsZjO/26l27xJa53KfzX6zVuOfeD:JiOgUldGcQWkQW7xJq3KfjQV+D
                                                                                                                                                                                                          MD5:BEDBC5F0389093B378549613B882DAC7
                                                                                                                                                                                                          SHA1:57C4D4FD27D928FAB37CAAE5B366BA603EA4E36C
                                                                                                                                                                                                          SHA-256:8CF00941F226FB8B15A476FB2CA902E53D8B7092077A89A50DCF4D3B393B8996
                                                                                                                                                                                                          SHA-512:CD2F4DC1797E00371FF31045CB5025041B8ED2A2339F7FBE92777A19580CDA9AFCC125247C6153D3AC9F09E05C38BCCD4459F804F7B5487F199510C86356F943
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: http://www.qt-project.org/legal..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7424
                                                                                                                                                                                                          Entropy (8bit):3.032827250058743
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:mPNmd48VJuVPCAHzHlHd2egJxtlkmMt0GebxWUQxZ+l4VZjxVcGrLGfGOTS4Agkp:2M48V8HzuegsmMt0RegS4ApXKbFsmCX
                                                                                                                                                                                                          MD5:C6DBEFC365BDFD9C057A545222AEE449
                                                                                                                                                                                                          SHA1:26F66B2804FF51D310F430FB1892D67C139E84D3
                                                                                                                                                                                                          SHA-256:D7D1C4BFD92B314D973D2D2D8ABF06296F9F69FEB5F02F47D22B45C12DC28C40
                                                                                                                                                                                                          SHA-512:7A2AF42628AD4CDAC3B17CD97784E73D8B74D4008C1703023BDDF8AB4642A16898985E9FA2AB21283987265EF8AD1B6A29B146950C4D74D2158856965A8DB6BE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9961
                                                                                                                                                                                                          Entropy (8bit):4.5553960156757025
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscGMzlWrTY9cNJGBRNaTiN/spNYZ4N1/WbMXyJA/W:nDGMRxmPcu/byJ
                                                                                                                                                                                                          MD5:0531E44FE5BCCBECBFA912EF5E82EB69
                                                                                                                                                                                                          SHA1:8504E4A972B0806630525F1D2C3E9F935A0C9313
                                                                                                                                                                                                          SHA-256:AD22212950A1C8D9B09F6FA0393F8C0E702CFACC05241B0D5DF0D3D2BA9CEFA5
                                                                                                                                                                                                          SHA-512:1D2BC9F22D1286AA5BE3BF8291A1B33020717F3C3E509634C0497B1FE5CDD4B7A070DABED0AC72CBCD5514DFC2B0449734F79E9AC683C171C649466620587161
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21704
                                                                                                                                                                                                          Entropy (8bit):3.1461809813480404
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:4rCEiRP38EGK88W0NfDwF4zp1WXbYYBcpZuOgOOqfke5qTbfDZ51/AbV51pdE97t:4PErXBmXb9xbe5qTblMXd5te
                                                                                                                                                                                                          MD5:7CC378B780D05A0F982877832454F902
                                                                                                                                                                                                          SHA1:8ACFB4A33E74A42487D85DC3B1B8BD545418DDE3
                                                                                                                                                                                                          SHA-256:1E25348D701EE57DCDBAD19E3252B47D241A1B31367D16F5483AA1075025C247
                                                                                                                                                                                                          SHA-512:1212787BF488912EB6828F33A95FC855FA81549EB48BD94D4C56DC8CF496422878DE458F03FA3A90670049E1EB074D731979FA9F5A14476C09AC33F7F49A43D4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10099
                                                                                                                                                                                                          Entropy (8bit):4.5547161392604325
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscG1zlcCqBY9cNJGBRNaTiN/spNYZ4N1SblXyJA/R:nDG1JxmPcukyA
                                                                                                                                                                                                          MD5:C2C13CC2208F6A6A30139CFA572A7067
                                                                                                                                                                                                          SHA1:EDEDFF0BBF7B6F6FF4A7E6B80A27DD4A6209DC8F
                                                                                                                                                                                                          SHA-256:C3EDFDA7C3677D94681E002C1CE62D1BEA074A04A6232BC398534470F09E2578
                                                                                                                                                                                                          SHA-512:852B2408EE6F8BDF2250CA023A15253467BD3045BBE5AC992261B0B517B616FC6B6F43EC279D83E0AD823384450C6C793CD6E94341A3BA936DAB1663EC7A7FA6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22064
                                                                                                                                                                                                          Entropy (8bit):3.1540685960247647
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:VLDmnnYvF75zo77VCirGuXqBzrrlJ/HZuOgO4iNKKq4UlHXsS2iLAam8zx:JpUzsrr0x0G1XFLAavl
                                                                                                                                                                                                          MD5:ED598F5CACD931028B71E66BCBEC60AF
                                                                                                                                                                                                          SHA1:411E8061798F6BD2C852D75168450A8266C479ED
                                                                                                                                                                                                          SHA-256:E21B5D64A2F31DEFC94623FC86316D27D7AC53B82384821FCEAFFA394B827CAB
                                                                                                                                                                                                          SHA-512:990437DB67927C7CDE1D01AF53FF414A83DBDB05F0716750B06C7DDE67162F74931884E9A7F828EA4CCA5F6AC9547E2B46C044D2E1B2768109B1D60F1BAAC9E5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7916
                                                                                                                                                                                                          Entropy (8bit):4.650054740700734
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ndscGeOTRkgrAr9cNJGBRNaTiN/spNYZ4N0Trs:nDGehr5xmPchfs
                                                                                                                                                                                                          MD5:681FFB907DC7876FEF710231C3F0D693
                                                                                                                                                                                                          SHA1:DF3DE413EEF094DCDCF6BF0768304859C98AB00D
                                                                                                                                                                                                          SHA-256:D21C5523227CC24443C5A33D89D7A957BDA2376EAE16B9D2B6FBE5AED7D68433
                                                                                                                                                                                                          SHA-512:B82D979FBBAA3DEB154BF90EFCA76401AC3ABD7D04C71B5AE3CFC4DBB342BED7B387E609C1DC409431A439CA7DDCB65A85FDE9A3A39B69C0166CB4A6DBF62353
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20108
                                                                                                                                                                                                          Entropy (8bit):3.0155722311266056
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:d3qDQ1bE5V72t/7Fl0J5qPZqXdUH8OgOTIl0itLUMKhUBoPz1JV:tRHfZqXFx3fp1gh
                                                                                                                                                                                                          MD5:933F3CAF9CFD713B3F44FF031EC3C0C9
                                                                                                                                                                                                          SHA1:D5A1C3C48264B203D7686C6840F17A32ABEF5E8F
                                                                                                                                                                                                          SHA-256:FF776F2ECA5A08847417031CD747C56B49182C0815C9B29994E8AA6F56F6EDDE
                                                                                                                                                                                                          SHA-512:A262BAC0EAA1CAD38F9C96560301D99A42EC39839699A959B826BF7B5CCE91ACFE975B6AFAD0160C537CE7B0FECA4604F4548C173F0B01B584EA5C6C8FBB2B35
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12752
                                                                                                                                                                                                          Entropy (8bit):4.927987689083792
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ndzgUldGcQWR8yl69yuT/jrKOxgmk1Rh+0qpj85TKsv2ceErtdtP+tTtxtUkKD:ndscGvyl6U7JtfNdtPepnU/
                                                                                                                                                                                                          MD5:C0E84EC177B5BD2899D721683311E5CB
                                                                                                                                                                                                          SHA1:1016D6790C4FC3C234F5FBB01DC7678E669135B7
                                                                                                                                                                                                          SHA-256:883D1D8BF62E98EE7D4590D647DC1B5E0B24213C646FE9F6C91C806B59E2277F
                                                                                                                                                                                                          SHA-512:5064F419868CDD32E6CA6DB3567E3EEB5E6B3E4A1EE8A3586B3B0C948972905057D9BD49A00E4612D817FDC7D664125C04B1D89D2BF689D6E09BAF37FCAED646
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26696
                                                                                                                                                                                                          Entropy (8bit):3.55275408277976
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:N55YB62YRs3yqvg9oTtMuZ4mRjUnzcnyQbmTIp4DOQbmkv6ZrXkAAYB:NTBRTaDB
                                                                                                                                                                                                          MD5:1DACF31EB5259F16433CE03D39F9ACB0
                                                                                                                                                                                                          SHA1:6BEB376CE06D108DC2982B29C54F448A5764F4FB
                                                                                                                                                                                                          SHA-256:B4D5A2CF92FAD4DDC429A02D77F1F3EDADBF2EA0D24E372D478512FF06D1E809
                                                                                                                                                                                                          SHA-512:CE84780D8E33A07B28C289ECFA79A95B8FE11F4B27148226FF46D273ACD534A9D7FA4AB206E5274C6E8C0C6018F398C9946CFC83DBE23AAC0411F13C1A95B541
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3823
                                                                                                                                                                                                          Entropy (8bit):4.784379577769776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9pnu6IwSYh7NlyuNTIMiGgjb7OeQ7ruI:ndzgUldGcQWoSYhZlysUb7NEyI
                                                                                                                                                                                                          MD5:E2C260FE7963564B5489900BB4DD3F35
                                                                                                                                                                                                          SHA1:9093C5C745196084D9A034D11CE5E605B62D2595
                                                                                                                                                                                                          SHA-256:04D9A63435F6C8723A0744274750E305375D63532DD7D215526501C66DD0C690
                                                                                                                                                                                                          SHA-512:5F2C6ED09A2647C3C1875A8FB1E3B65FC58CDF99F7245F2F1F820270F2D22EFFA5883766100F7BDE27B6C34C3A50308BB85BD54341691D3A88C3FE50C863969D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7616
                                                                                                                                                                                                          Entropy (8bit):2.9791374337899468
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:kr4B+neOB0gW+PFeW68ef5UuOermSXxSFVfuY:kr4BCe+f3PcWXqkVmY
                                                                                                                                                                                                          MD5:5D602DE6CF2818BE92236649A42EF612
                                                                                                                                                                                                          SHA1:B8FAB2200C88F7C7F7B18C14A20917667BA76E45
                                                                                                                                                                                                          SHA-256:EC810BCF7F1B8CAAA1CDF0B5A2F36402ED888FA5300F11C45D09CCBABAE49D5C
                                                                                                                                                                                                          SHA-512:DB36BCDCD93F3D4E576F725D8E47E94A7AC9A9DF873E5506F1D18B13AA7BB5A359D1E99B1B396E3AAFBB4869C47D75A5CB05A8C53E95731CFD02D8D79D5ADFA6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4345
                                                                                                                                                                                                          Entropy (8bit):4.758638626564817
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9pnuU2YFpNlyIf8jk7r5Q0SOp:ndzgUldGcQWIzlyoQw9Q0Sw
                                                                                                                                                                                                          MD5:87972FA777906FF3A3F0C86989BC7FB3
                                                                                                                                                                                                          SHA1:F015E3685E60CF7B53A6F92448F646E17F34BB7A
                                                                                                                                                                                                          SHA-256:E47DB40488C3CAAE81826F4A070BE22F2FC3D2720F69E6359E7CF027121BB524
                                                                                                                                                                                                          SHA-512:0CCCF2B60769BA97731E90FB1806028072D0676D62652EBDDEB19808CCAE62F4D7BBEF5F5AE2F94B746759B677501FC51DB9E07B9C0163A725F390973728694B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9408
                                                                                                                                                                                                          Entropy (8bit):2.9412660406771045
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4041
                                                                                                                                                                                                          Entropy (8bit):4.809241191703437
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7908
                                                                                                                                                                                                          Entropy (8bit):3.025830345523107
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):446
                                                                                                                                                                                                          Entropy (8bit):4.831008563710771
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtGraphicalEffects.private..plugin qtgraphicaleffectsprivate..classname QtGraphicalEffectsPrivatePlugin..FastGlow 1.0 FastGlow.qml..FastInnerShadow 1.0 FastInnerShadow.qml..FastMaskedBlur 1.0 FastMaskedBlur.qml..GaussianDirectionalBlur 1.0 GaussianDirectionalBlur.qml..GaussianGlow 1.0 GaussianGlow.qml..GaussianInnerShadow 1.0 GaussianInnerShadow.qml..GaussianMaskedBlur 1.0 GaussianMaskedBlur.qml..DropShadowBase 1.0 DropShadowBase.qml..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):51832
                                                                                                                                                                                                          Entropy (8bit):6.500989465582415
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1016
                                                                                                                                                                                                          Entropy (8bit):4.97599520054607
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtGraphicalEffects..plugin qtgraphicaleffectsplugin..classname QtGraphicalEffectsPlugin..Blend 1.0 Blend.qml..BrightnessContrast 1.0 BrightnessContrast.qml..Colorize 1.0 Colorize.qml..ColorOverlay 1.0 ColorOverlay.qml..ConicalGradient 1.0 ConicalGradient.qml..Desaturate 1.0 Desaturate.qml..DirectionalBlur 1.0 DirectionalBlur.qml..Displace 1.0 Displace.qml..DropShadow 1.0 DropShadow.qml..FastBlur 1.0 FastBlur.qml..GammaAdjust 1.0 GammaAdjust.qml..GaussianBlur 1.0 GaussianBlur.qml..Glow 1.0 Glow.qml..HueSaturation 1.0 HueSaturation.qml..InnerShadow 1.0 InnerShadow.qml..LevelAdjust 1.0 LevelAdjust.qml..LinearGradient 1.0 LinearGradient.qml..MaskedBlur 1.0 MaskedBlur.qml..OpacityMask 1.0 OpacityMask.qml..RadialBlur 1.0 RadialBlur.qml..RadialGradient 1.0 RadialGradient.qml..RecursiveBlur 1.0 RecursiveBlur.qml..RectangularGlow 1.0 RectangularGlow.qml..ThresholdMask 1.0 ThresholdMask.qml..ZoomBlur 1.0 ZoomBlur.qml..designersupported..depends QtGraphicalEffects/private 1.0..depends QtQu
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):62584
                                                                                                                                                                                                          Entropy (8bit):6.1127558774395805
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):204541
                                                                                                                                                                                                          Entropy (8bit):4.333953565609104
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: []. Component {. name: "QDoubleValidator". prototype: "QValidator". Enum {. name: "Notation". values: ["StandardNotation", "ScientificNotation"]. }. Property { name: "bottom"; type: "double" }. Property { name: "top"; type: "double" }. Property { name: "decimals"; type: "int" }. Property { name: "notation"; type: "Notation" }. Signal {. name: "bottomChanged". Parameter { name: "bottom"; type: "double" }. }. Signal {. name: "topChanged". Parameter { name: "top"; type: "double" }. }. Signal {. name: "decimalsChanged". Parameter { name: "decimals"; type: "int" }. }. Si
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                                                          Entropy (8bit):4.476510489896447
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BoMURTEvyWmopYey+RLV06qWoZAhoAw:x7Us8oOf+keSAho5
                                                                                                                                                                                                          MD5:FCEDCCC4408C301DC6B1FE45721353AC
                                                                                                                                                                                                          SHA1:1F8E8E590505274D317573CA074AECDB70B3C596
                                                                                                                                                                                                          SHA-256:7E844000C1F61DB37173EE953012981D533C950E7FB772C2672CA74DCFDB914B
                                                                                                                                                                                                          SHA-512:4C4FDC7EBAA3DA4DE15832859D92A7AAB19EF7E7B5ED9C7858642C0BFD4145BE2962ECD2FC12B150A5F81797E8E47197A076A46AFE936EB29E4D2F41F78077D6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick..plugin qtquick2plugin..classname QtQuick2Plugin..typeinfo plugins.qmltypes..designersupported..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21112
                                                                                                                                                                                                          Entropy (8bit):6.175998723290675
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:42QiRI5yLcsMR2FYj33zci5sLgDIGxAnfePPLTTjj+:FRI5ykMFeF+LgDAmzH+
                                                                                                                                                                                                          MD5:E064DFD82F6D37163FDE01C18906A956
                                                                                                                                                                                                          SHA1:D65141402D9A792D5D14A1421F88F10410F5F0AF
                                                                                                                                                                                                          SHA-256:16B2909D64F493D870B84C64E05353B54F645BF11944E04B7205AD026C3E2F63
                                                                                                                                                                                                          SHA-512:5F35B20E5C5131034D9507B67F9C094793A551195D21F1E22A4F0CC5F42EEE353D8982EF4DE994B4F22BE751E539362B6513B81570A77B035BAF07AD06B61C47
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2196
                                                                                                                                                                                                          Entropy (8bit):4.822911595644864
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OLrQ3JFbtP:nd5CB7fdpFdU3vpP
                                                                                                                                                                                                          MD5:EA48511545DD3181AAD31E175715116E
                                                                                                                                                                                                          SHA1:02D589A22BD260249FAB2FED18EBF2BBCAE7D7B5
                                                                                                                                                                                                          SHA-256:73C1652D0326049D9D43EF24D15EDDE474D1A764BD7DFCB8F3B83C2823D985C1
                                                                                                                                                                                                          SHA-512:25BE70A08983BCC757705D92296C03DC825B20FF520CC3A8AB76F02A25AE46B33D2F79878F21268018667E3B1E3442B7F9A43C7701547F1439A7CEDF1C9961A7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1846
                                                                                                                                                                                                          Entropy (8bit):4.798549880380156
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9Oc:MCd5H6E+iCsAaKj7fOWIkFy9Oc
                                                                                                                                                                                                          MD5:FB7B31A91F3E60DC6B0D399106AA126E
                                                                                                                                                                                                          SHA1:274D1F3A351F1138082701CACCC0A5DEA9710359
                                                                                                                                                                                                          SHA-256:523DE0EFBD2CDBBE342ABAB01E8AEB1AB0CC01D840AE27712F87324646DB1D48
                                                                                                                                                                                                          SHA-512:FD65F23E1AA1EB88229786A488D0FEFEB685E056E60ECC59325D35AD1D94EAE6E28880F529435B3A87284036C872600543BC552E3B285A0AE010DB76DE35A37F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1851
                                                                                                                                                                                                          Entropy (8bit):4.801036857486239
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9OHn:MCd5H6E+iCsAaKj7fOWIkFy9OHn
                                                                                                                                                                                                          MD5:66FF9D123E79EF8C2E24051173EF4353
                                                                                                                                                                                                          SHA1:0F0D3D8D9633126099F7872ABBBCC7AA620BD664
                                                                                                                                                                                                          SHA-256:AF7AFB4F8FD6E98CADB48E6D6FDEF78EF48D8617C07D1E0EAA927D3FF0F5001C
                                                                                                                                                                                                          SHA-512:D9B3BA5E4587E4DFFE6E67F585DED42FE5DBA7D1E45C353C40D5D10611937AD26BEE05D629FB952625C6DA633826BA86C2006167F8BDA54DF65F41BDD5954980
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2206
                                                                                                                                                                                                          Entropy (8bit):4.859857255789024
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OCMhgatRX:nd5CB7fdpFlL/
                                                                                                                                                                                                          MD5:BCA14E0F28CC7E609E21703B3082AF72
                                                                                                                                                                                                          SHA1:26E8503D57F664523B8344E7B485403113B9B44A
                                                                                                                                                                                                          SHA-256:13AEF729C0A8C10B4D2C7CDC2D07C408837BC4B01BAB8F1E4B7F0F565BE785B5
                                                                                                                                                                                                          SHA-512:6384A8C29301ECB8B41E8980E629ABAF77F1D7CAB1762BCE4F6BCE01074C300024352C8F7995878B1BA4B6776F5B1D5CA3D3FD9FD736B6E11DB626A11CC64069
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2598
                                                                                                                                                                                                          Entropy (8bit):4.845035402761518
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgpDQ3JFbtE6wB:nd5CB7fdpF0d3vpE6c
                                                                                                                                                                                                          MD5:A5CD195A941116FD9FFA1F81A851932E
                                                                                                                                                                                                          SHA1:73BDAFDDC4482C1423B9C7C70ED6C874425E33C3
                                                                                                                                                                                                          SHA-256:9D5F2B8B73243C6FA6B62EDBB2A7E10A461FD8BE29D9DC4F8A352DB2B89BF72C
                                                                                                                                                                                                          SHA-512:892456A23D700F4D61921E8F742BEE9814CBB14A1461F1232BEB196C8F0DDD8140D8785CB6BC2C00260F5EA136EFE1FE3A6E3FBA47E0BB08149AB735D3CDA48D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3597
                                                                                                                                                                                                          Entropy (8bit):4.784454586015021
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhglQ3JFbtn3kXxEzPwXRpcWr:nd5CB7fdpF0r3vp3kXxI0WW
                                                                                                                                                                                                          MD5:12337A6D1E1B9ED058419D8EF969530D
                                                                                                                                                                                                          SHA1:A65679BD21ED2CC5FEFC48D1DD00F3677AAC9BD2
                                                                                                                                                                                                          SHA-256:B28B1F726DDD5CB408C71F47EC62D9F4E5554BAF7C813A14408ED89E19D0C35A
                                                                                                                                                                                                          SHA-512:91FD2CCDA7345FD5F9DCD0243354D9F6F4F11F84A6E8DF7BBDC5C0848AE10D36EC45A52E5722C01934F231E682AE69CD2D34D74D90D2FB398CDF199434C6BA96
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1851
                                                                                                                                                                                                          Entropy (8bit):4.801716178540186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9O1n:MCd5H6E+iCsAaKj7fOWIkFy9O1n
                                                                                                                                                                                                          MD5:59F570E3703E5DF2AA33E6A6833DFC5F
                                                                                                                                                                                                          SHA1:1868D5D4477004A91B027D5692251FEAF437E254
                                                                                                                                                                                                          SHA-256:1394D0A7BD3C10D033426E5FB95CB9DF75FBC3FE22962F152F9EB334836528FE
                                                                                                                                                                                                          SHA-512:3859B2CF04BE03931F0A8CD22BA94888090E506C3E2510A89E8B8D73DC9952D5976F3163E33AB881C55D9F1AEB2D92D84FDADDFC2CC6E7B9ADDEDB4367FFEEDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4022
                                                                                                                                                                                                          Entropy (8bit):4.793392595957024
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mh6QQ3JFbtoM3W0J4TEw0xeskxJy:nd5CB7fdpFG03vpoM35ogWo
                                                                                                                                                                                                          MD5:B504A8ACF2FD92ACEA40D292455FDA3D
                                                                                                                                                                                                          SHA1:1EC7F59CEC57622763E1610D65DDF2A1A84B429E
                                                                                                                                                                                                          SHA-256:376C36F8BB81EBD6D7CA09BCCAD95F9EF307BA2052DA38DD07228B7489C5BAF9
                                                                                                                                                                                                          SHA-512:21EC9BD071DA65F5A95084868FF8F17AD73FEC1B2A669CC850A42FAA3ABCAC35D62B40DC2847157805D209EE318B4A0046626B3D1574326BE623DAAFE6BCCB0B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4478
                                                                                                                                                                                                          Entropy (8bit):4.7756725637253234
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhJQ3JFbtoMhxeszxqkXx2Mg1XY4TEVPwX8OZ:nd5CB7fdpFGi3vpoMjLqkXx2MiINyZ
                                                                                                                                                                                                          MD5:BD2D13E8E608EB8DFAE8D345AA1CD12E
                                                                                                                                                                                                          SHA1:BD53B8EAF56B713D0697CC0681E1C2E11B51EC60
                                                                                                                                                                                                          SHA-256:FA4674932BB9B4F3571748440B4141A0C23A6DDB870DE8084081C6B926CC5E57
                                                                                                                                                                                                          SHA-512:3CFA5756C1AAFF9B5259735568F132C89CF7223C0C759F7DE429698876A5DE996FB4DF2D6EC109517F740D99848C3326383DDC113DB19953F7A9A0A73598D3A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5927
                                                                                                                                                                                                          Entropy (8bit):4.742618150400444
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFn3vpoMUBm0UpyzP+sf7Vgi949q6X7N:nd0Bhp/JflK1jGX
                                                                                                                                                                                                          MD5:6C70E22BE2B15DF763F430858F990573
                                                                                                                                                                                                          SHA1:EDF65989F3152385D3A3CCEB5CDA8941D282869F
                                                                                                                                                                                                          SHA-256:9C85346D76F0241D3927E46EA1E2CE0B9927141CB669B79B5C99774C01971A53
                                                                                                                                                                                                          SHA-512:B10ED62D28B31234B461AC891EA8E3AF800C303C61F0DB8F6637D40EB5CE1816E40370165AF57F43FE8B5F549D98E5804AE2EF404A876770A2697D2873311B4D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2175
                                                                                                                                                                                                          Entropy (8bit):4.816116777865285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OcQ3JFw0P:nd5CB7fdpF93v5P
                                                                                                                                                                                                          MD5:84DF8B268EF632C64B841C21C7D07BAD
                                                                                                                                                                                                          SHA1:A82F850711BF50BF9B6AD3849A623FCD81910273
                                                                                                                                                                                                          SHA-256:9A35DC7EE7CED74448D59FE12A1E0C289569864BCC5EF0CF643B73A8ACEBE0FF
                                                                                                                                                                                                          SHA-512:673F09577F2AFBC20A1EC5AA980C93F1C128C1949D5E4C291C8C2AB898DFF7F1E84E3BA669AD1FDE810CDD29DE1D7D783015D61B87DF7E03668A22EE8BDF5986
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2189
                                                                                                                                                                                                          Entropy (8bit):4.819043374247721
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OKQ3JFbtP:nd5CB7fdpF73vpP
                                                                                                                                                                                                          MD5:35062D9350B9F6EDE14D98B7FB51E230
                                                                                                                                                                                                          SHA1:BC29795862934E823560769EB0B81B332164B0C4
                                                                                                                                                                                                          SHA-256:C36C30FD83CCD08A34C78684EA95FA902777108C3A3285580DCB51BA5650D3ED
                                                                                                                                                                                                          SHA-512:8983F299A176CA5EDDBFBF2E4D1C60425723A103A4905FD33D9C98E1A81BCEB3F0C7DB0CB633A7B5159EA49EB5798F2E282586ECE7DA9D4AF8866800E355FA97
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4163
                                                                                                                                                                                                          Entropy (8bit):4.713943551661154
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgQrQ3JFbtsrE0qV0OJatWlSC7V/LEWlSCIPwy:nd5CB7fdpF03U3vpsrYNIXYSce
                                                                                                                                                                                                          MD5:5168C33198A4BA990130E5FE7ED8CE8F
                                                                                                                                                                                                          SHA1:63DA160F997797A1FAF0E86EC68F6CC75D17878A
                                                                                                                                                                                                          SHA-256:D53409FE94CFAB9F60485C8472613BB7806F1062C295DD9DF1FBDB61E1AA7F53
                                                                                                                                                                                                          SHA-512:0D46BABC8AE0747210E0BF60C6E03CF4C05B60CE26DD973FD1DA98A780C08F921370A100B48CC37F27F67A6B6C290BC70E272BBBB085FCD035E4BEFF8804A102
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3493
                                                                                                                                                                                                          Entropy (8bit):4.831719719729733
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgTQ3JFfCtj7AroREri52ZUfP+eX3FJ:nd5CB7fdpF0N3vanA0RQi5TX+enFJ
                                                                                                                                                                                                          MD5:DA3A5C0142C1A707756DCA3CC8425704
                                                                                                                                                                                                          SHA1:E06B7962FA75F59FD4A3A5EE99066EC959E326A8
                                                                                                                                                                                                          SHA-256:0F002B11F845EC2BA3FA8DA40CEB5ADDA050E0DE5F75B8F07C98AAB44996E100
                                                                                                                                                                                                          SHA-512:17AF838901AEC3D2A9F863982E8ADE97C224D1BAE1826B329705FE14F30E763066D568B24AADCE161DB8998E56095F70C286B5A3DE103ABBC317ECA9B2B3C3B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3310
                                                                                                                                                                                                          Entropy (8bit):4.7462705851417475
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhWQ3JFm0QuLYup5byaxE:nd5CB7fdpFGZ3vn3L/pxyaC
                                                                                                                                                                                                          MD5:8C2EE0D6AECD93E86C85C7CE4D0934C2
                                                                                                                                                                                                          SHA1:98379BD5580F66D4C48A80266367E2B94C8DD39C
                                                                                                                                                                                                          SHA-256:5A9C5FCF25151107B0A4DB78614EF94C2152B1A5CE253FA6A1501E4611CF77D2
                                                                                                                                                                                                          SHA-512:CC6A7250F3814ADF405D5B8F42F417DEEB14ECBFD421895E96D7981EE147CCAC705C5816708475BB674D31A12A1A71E46865BD8431923E794333C88D80604526
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2924
                                                                                                                                                                                                          Entropy (8bit):4.8351607382479385
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGQ3JFQeGYtaC9GwRCweVXsV:nd5CB7fdpFv3vQeG0aC9G0CHaV
                                                                                                                                                                                                          MD5:570B8CD91543A1F582AF7973DA815CB4
                                                                                                                                                                                                          SHA1:E909B6FBCEFDD63B059141AEAE284654AA0B5346
                                                                                                                                                                                                          SHA-256:409137D65F2B71C5972B3B7E5BF45E83760159ED5E57988020445D8C84A11806
                                                                                                                                                                                                          SHA-512:A56BCBA31EAAD48A5A7F1A018037223E5E710241F250103A58D942DAAAE40A6993C40BD4912E2B46079C6249C86B1CE7514711B7AB90D04EA4AC469F943B57F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3301
                                                                                                                                                                                                          Entropy (8bit):4.8590682549607696
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg4QBJFw0tfnMoWQ+:nd5CB7fdpF0uBv58X
                                                                                                                                                                                                          MD5:C56ADAD225CB248C79852E9D21DE7D9A
                                                                                                                                                                                                          SHA1:DD00F6244743ADF0B6A2F297E1BF205649363A1A
                                                                                                                                                                                                          SHA-256:928267E5627A15217BDA98BA73965918CBACFC35B920355234A07D9B303C2334
                                                                                                                                                                                                          SHA-512:E08164C898F46B7F7DE06414F7190B5C1B565AB2A21CE5A2E3F4C0CCAAE1FDD8083DE3253E8EE0597E3B14041DF816BA05CC491ADBA71481C29A919823A61437
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2366
                                                                                                                                                                                                          Entropy (8bit):4.839215024821948
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg+Q3JFw0GA:nd5CB7fdpF0W3v5r
                                                                                                                                                                                                          MD5:47481AF358218C030A1C0852656A50B3
                                                                                                                                                                                                          SHA1:EB520D4E99E28FE6137ECC7A38D041DDF8F86DBA
                                                                                                                                                                                                          SHA-256:DB256124A994C6300F9D647E2728A5D0290EA7BE5322A212C501B47781A3B3DD
                                                                                                                                                                                                          SHA-512:BFA75004DC5638209D0DAA2D8BCA50661099C4AFDC8545FE63438C0D68906C1793360EF2021E02555C74D88BED8349B3D61DB5C1232F9F0ACB85E36A9DAD03D7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2992
                                                                                                                                                                                                          Entropy (8bit):4.81273228791819
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhghQ3JFd0zva9WW3CUlQjxBA:nd5CB7fdpF0T3v6zvaIVHjw
                                                                                                                                                                                                          MD5:7E614A1C63108F26F14C10E9343168D9
                                                                                                                                                                                                          SHA1:74EF43743AB456BDF439C11F2635A2A6D0821B5C
                                                                                                                                                                                                          SHA-256:2C61E245CD57E76D2E93E85443B429893914079C0572E889161661D3A9468374
                                                                                                                                                                                                          SHA-512:391008186118867EB59E00768FED5A36AF6E5E454A389F25C52885E118D58BA4F6DD39E7F9A4B2691E1125D1D2576F98B11BC598A43891DDFD7E1E86577E1FC6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2836
                                                                                                                                                                                                          Entropy (8bit):4.811093739134321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3287
                                                                                                                                                                                                          Entropy (8bit):4.807550250685247
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2006
                                                                                                                                                                                                          Entropy (8bit):4.823272355715288
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2301
                                                                                                                                                                                                          Entropy (8bit):4.868241936290458
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2911
                                                                                                                                                                                                          Entropy (8bit):4.889093741052121
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2640
                                                                                                                                                                                                          Entropy (8bit):4.846310750971607
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4891
                                                                                                                                                                                                          Entropy (8bit):4.712125500495967
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3651
                                                                                                                                                                                                          Entropy (8bit):4.792586493832598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4065
                                                                                                                                                                                                          Entropy (8bit):4.79287401260897
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGLDLpi3vpoMCZySickXx2MXi6:nd0BhpAvEJEy5xvN
                                                                                                                                                                                                          MD5:72203B5852DAF13E66924AACE316341B
                                                                                                                                                                                                          SHA1:05AA4A43F090B0A4B1C56D997452B68EF9F32698
                                                                                                                                                                                                          SHA-256:3859E906C67E38F049C0B99A476A7FFC76F159AD867316F9732AE19BBDC91BBA
                                                                                                                                                                                                          SHA-512:BF56E27E887205AFF8B530BE3D188A574AEAFCA6144B46E15739517F1DF179D89693DDA1779B226D2B9F490A8116910E273FB2409097DA47836C841349850861
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4154
                                                                                                                                                                                                          Entropy (8bit):4.70735936961081
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGpyQniB6mlOFAoOXt/A4zE7u3iWWrGbWGLf:nd5CB7fdpFQDLpyR5fAcElrGSGD
                                                                                                                                                                                                          MD5:B5BB21C77903BD5D5360BE94C12F2733
                                                                                                                                                                                                          SHA1:D9F189675A8DB324D539C0C7891E2CF2DB6E8BBC
                                                                                                                                                                                                          SHA-256:8A03D5FE3AD0C783F7611FAD9ED5AB7AB75895213B3D8B83CEA478530C2ACD5E
                                                                                                                                                                                                          SHA-512:3EC94B29854D6240E8C2AE602FC0DA0344EDEE6960C672995573F0A7D5B61D13A30787F7930C1EC179F434C236E6AC3414600AB3B80D2F3D1AA7C7F897D52BF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7644
                                                                                                                                                                                                          Entropy (8bit):4.727217163835898
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpF6WB3vpoMCeCBKUpUez8vHFTkkn6/9uUU6jYnppzEndq6BpcV:nd0BhpQWbJna/N/UJ6KpBCd3O
                                                                                                                                                                                                          MD5:A085BF12BCCC44C5A3C2E3D30F7B796B
                                                                                                                                                                                                          SHA1:892D7BFCFCCA794F671375CBD829A9F9A770ABBE
                                                                                                                                                                                                          SHA-256:EAB631ED486DFED52FA8B61256395623445B652E6EB9A81CD47ADDFE008A6F1A
                                                                                                                                                                                                          SHA-512:41074FAEBA9950974E85422F4EEAD8E9FEC220D9CCCA2C15D85E864C4ED0CAE4883F88742168822CDE14E17D5D757770839BF7A53B481B783653DF3AB222A5F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2616
                                                                                                                                                                                                          Entropy (8bit):4.794552110693869
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDhQxh/DfXDx01r:nd5CB7fdpFQDGP/Dvmt
                                                                                                                                                                                                          MD5:3997FE3281C6F47D2330E117E3712887
                                                                                                                                                                                                          SHA1:0556398A8F6006D19CE6EE73C346CADB5784D7C9
                                                                                                                                                                                                          SHA-256:1C894576FD20CEDDA07919CC2401CC9D15A90EFFB272AFC31D1DDAB31537C3FF
                                                                                                                                                                                                          SHA-512:5BD646B0B4A6DF0FA5A20316FEEF43BF54821916B4D0ED86794BEE5A298EE590372CF26D39E53F54E2814D334F1B7F7D8C1F2398579BDC91D58686531E175949
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4471
                                                                                                                                                                                                          Entropy (8bit):4.701240992370061
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGLDLpNU3vpCqrcFrwnGYCjvFYkbc:nd0BhpAvQprWfYGY
                                                                                                                                                                                                          MD5:EFA3A440A844F11307A1056F3D20D008
                                                                                                                                                                                                          SHA1:187F407F5388977B27C76C2B8BC797AE8B3E4D97
                                                                                                                                                                                                          SHA-256:1EE9513B607B760E0C7BC5BE8F794A6C5A2DFA96A946D2F5E5874467B03D6B33
                                                                                                                                                                                                          SHA-512:0D2CE0FDB078BC97CD6D1C9E35213DF9652306491879A95BD99CD80B0F44F0B93D1506EF95051001583DDB915B4A60C7230158DEBF4FF60A5EBB71ECB2C4EC66
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3543
                                                                                                                                                                                                          Entropy (8bit):4.792348845887984
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpF+DLpz3vCB6f5noBi5lnFify/Pt:nd0BhpsvImo2lFL/l
                                                                                                                                                                                                          MD5:29D8F30C877B7FB8122F16EC9950A142
                                                                                                                                                                                                          SHA1:4293CBCD68FEA7A3D255FA2D84F8586D13632D8A
                                                                                                                                                                                                          SHA-256:F4302746ED0917CE145534B9B81FE0FAA025531CF5ED04A81A72994FA234E45C
                                                                                                                                                                                                          SHA-512:0D07A75610EA512B25D7DEA8CCBC803FBE9ABF36C376AFFD517C5AAE6486EC0CF5E305E8FA8382479E9EB7E29EEED9F568DC09AE8242E13280A1124935D66018
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4358
                                                                                                                                                                                                          Entropy (8bit):4.812079921863784
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGLDLpZ3vn3L/p1jYnppjEnF5FyBP1:nd0BhpAvfbR1apxSFOP1
                                                                                                                                                                                                          MD5:2548CFF063C7BE6F57B8D4F81BA33A06
                                                                                                                                                                                                          SHA1:C314CA356D2BC6E985BADD8E75F96A7B9A5C0C6D
                                                                                                                                                                                                          SHA-256:0363B31324C9EF26FA2BB540334774DA0A6545951DD06A149E6B832A6BF6C7EC
                                                                                                                                                                                                          SHA-512:870B3687579C10781A7B110FF885964D0D91D6ECD5A68A41C4CF3F5B09421AD2302014EAE2889E38A00B6538B84E2721F0F056EFA2209383283F333F62F26E90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3207
                                                                                                                                                                                                          Entropy (8bit):4.869069840142379
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3867
                                                                                                                                                                                                          Entropy (8bit):4.862301490461931
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10030
                                                                                                                                                                                                          Entropy (8bit):4.806138037085718
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2710
                                                                                                                                                                                                          Entropy (8bit):4.838309188288612
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3408
                                                                                                                                                                                                          Entropy (8bit):4.812150701263161
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2968
                                                                                                                                                                                                          Entropy (8bit):4.8077641352008476
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3570
                                                                                                                                                                                                          Entropy (8bit):4.797861913310862
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2008
                                                                                                                                                                                                          Entropy (8bit):4.82410778031169
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDdqQZEtV:nd5CB7fdpF+D/Zg
                                                                                                                                                                                                          MD5:DEAEDB2DEBDF15BD087D382C28C34291
                                                                                                                                                                                                          SHA1:72FD0FE26E38F816D8572DA1C9425365F64ED9A9
                                                                                                                                                                                                          SHA-256:B82053C1628AB97B4FC2EC4B001E7368B8483B0305C15CCB5BA29B2F61E7AE0E
                                                                                                                                                                                                          SHA-512:D4B2CF07A170F9F68C19E4A98E0FAD270BE2F748C883B988217BC9BD16E3198C06DDDA9BE600E3C66AA84CF1A93E4B6ED69DB0FF88A2AC3834E08F6F770F2F72
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4162
                                                                                                                                                                                                          Entropy (8bit):4.869740301783965
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFTDLpuS1v5EtBjYnppjEn2vCccP5FF:nd0BhpdvgmEtBapxS2vbaB
                                                                                                                                                                                                          MD5:365971BA24915164063E97690F7DAE9C
                                                                                                                                                                                                          SHA1:2A55D6FCC0512A77960FCBF761A1910D5E461FC2
                                                                                                                                                                                                          SHA-256:413199D8146BBF130A26A50753B3F8ECB8A26158A5D77C32D6B1EB22B57B3AC8
                                                                                                                                                                                                          SHA-512:A911D0CEEEA33F52DA8E30D7C946BEB14E39E873658E3EF58DC383292997570C3673A2EBC22AE1159715D5F1DA0427A76133B17C2C3BBD1BB27DF6E89EBD728F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2604
                                                                                                                                                                                                          Entropy (8bit):4.840411587708949
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpuQ3JFw07mXob:nd5CB7fdpFGLDLpx3v57v
                                                                                                                                                                                                          MD5:68ECFF6B2C4A7B65B2D6CBE889DFBFEC
                                                                                                                                                                                                          SHA1:D7DA0CA6412D9C4E81A567C22B1AF44B64C14FBD
                                                                                                                                                                                                          SHA-256:C62DB07B4D429F9BD0CF88EAEF9B15AD8CDB58322C7656D55BE5936044EB1240
                                                                                                                                                                                                          SHA-512:DA91A917EED9C3597D91FA12C4EB4FC620BCBB4E5588A011DDC924F88749CC3CD42B10AE8E654A6920BBC6720EB6B8FF42CE7277F52106F791A0F6708BB3BC4A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3442
                                                                                                                                                                                                          Entropy (8bit):4.770573402116531
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpBQ3JFbtoM2cEyZkXxmz0wwX/gvx:nd5CB7fdpFGLDLpa3vpoMzZZkXxmos5
                                                                                                                                                                                                          MD5:9BEB46066F22FBBBE53106B5FFB6AEF3
                                                                                                                                                                                                          SHA1:10E428EB0D85678230CD138F18536C0AA5CFC53C
                                                                                                                                                                                                          SHA-256:F3A31AE3CEEFEAAE4FDA9A173FD3EDB0DD817D692236120572D874F7FD2838F3
                                                                                                                                                                                                          SHA-512:B7A647B35E2BD15CB5BD43C0CFF81FAB42BF54033E4EB2FFF88A59B0D64C0D2B230AB1907D92F392A71B53C6DF0A6A0D5E1B806A6C4FAA00742AED06A6742F20
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4788
                                                                                                                                                                                                          Entropy (8bit):4.767659902718251
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGLDLpJ3vpoMWZ4xy0FQskXxmooe5:nd0BhpAvdJg4x+xR
                                                                                                                                                                                                          MD5:10972CD75BE888A0F031B6C6D2FA0E16
                                                                                                                                                                                                          SHA1:354218F2EBE99D987B7AFD2DE04BB7D7A7763E5D
                                                                                                                                                                                                          SHA-256:A7E1B2398C5CBFF591FE34270FC800E2DEBAEC810689744D58BAAA149558A619
                                                                                                                                                                                                          SHA-512:55CF2C2265A5D3604305B29D5998A0D9F2E10709893133A19709C2328F742E065F2F3A60D79C3C10A2C165233A225DEC899D4F60B0AD2A6FF8852F4C7EACE73F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2400
                                                                                                                                                                                                          Entropy (8bit):4.831926312624564
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDcDQ3JFbtPTslb:nd5CB7fdpF+DT3vpro
                                                                                                                                                                                                          MD5:5F7E2FA195063A499F450D38AC067AD2
                                                                                                                                                                                                          SHA1:FC02285B676D836409B46B57EE2D798EB256402B
                                                                                                                                                                                                          SHA-256:8CFD1C4238B721C2FFC6ABB4132F5670E45A6768AD5CBAC7413FDC5BBFB4D92F
                                                                                                                                                                                                          SHA-512:2186361D3C9A1C889C311508C2D92EA20C428B528946DCED53CFDCF312E643BB4783235691BE1EBF0644C2DC52ADB85796D6CD172FA627B1EC4CF6FBCD27E497
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2588
                                                                                                                                                                                                          Entropy (8bit):4.772227959654226
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDlQ3JFm0QuLYup+b:nd5CB7fdpF+De3vn3L/p+
                                                                                                                                                                                                          MD5:CBB179BD9C4898ECC26A6EC3C82A41C3
                                                                                                                                                                                                          SHA1:61B2FC2C285F19D0037B825229BDBC9E2BB318B2
                                                                                                                                                                                                          SHA-256:DEFAA9EB6822493956BCA3942ABFFD8C41EC10D40653EBE48147A00C321A4BB7
                                                                                                                                                                                                          SHA-512:4FF25C655307C36C6077EF936AB27C0FD47D8A64BAD5D761BC4E582764524B67E4127E7EAB6CE8A70ADFB6A74EA52579D51123DD1FD22FFA8089CB28A7CDECA4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2795
                                                                                                                                                                                                          Entropy (8bit):4.828338932063428
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GD6DQ3JFbth60+jzyZZZ:nd5CB7fdpF+DZ3vph60+jGZz
                                                                                                                                                                                                          MD5:EB291290659332B4760637A4A13C9BB2
                                                                                                                                                                                                          SHA1:8C8B529B020F7F58C911B37587E065197ECE76B3
                                                                                                                                                                                                          SHA-256:F7A71B592744EA1A88843238B5576B4DCD93BC923D79585D3BE0C54F749C1A96
                                                                                                                                                                                                          SHA-512:9E5BB4EC6E40617094C05C10734298A0D60F027EE19FB2C4E383BFA6A7197867350626C024E9BFBA9B2D250A65171DCDE90D5F952EEB9B43C82BF9B86FF051D3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2594
                                                                                                                                                                                                          Entropy (8bit):4.8344449556473075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpUQ3JFw0o+MFc6RW:nd5CB7fdpF+DLpH3v5eFLW
                                                                                                                                                                                                          MD5:E5FDD28B572D970E35544C60FD8BA0FF
                                                                                                                                                                                                          SHA1:177441A046688D225AB8B60F67D1D8755239535D
                                                                                                                                                                                                          SHA-256:158D1F2A7C116DA47489FF7D022314A79198A9C10784FB04B777B19A9906A284
                                                                                                                                                                                                          SHA-512:F84CF4159FD462FD33AA3E4464F0662FE362D812813A5A688C6809847D906C029BD3471CB8F5F5B3E74471D08C593FCC3037BDD858E62B5DFAF1E501CE2BE603
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3464
                                                                                                                                                                                                          Entropy (8bit):4.898820195124723
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpwQjJFw0FQiYnpetijEnIy5y6RC/k/J:nd5CB7fdpF+DLpDjv5FjYnppjEnF5FF
                                                                                                                                                                                                          MD5:7046F5FF3A70AFCA04B39F430AB475B7
                                                                                                                                                                                                          SHA1:DC7DC60B93B54C6E11CD696927FFC11F3D1E28ED
                                                                                                                                                                                                          SHA-256:B25507E5FEFD22BAD1CE21C0CF7910C448789EEA5DDBB74D7B17BDB4059CE6FF
                                                                                                                                                                                                          SHA-512:A58099AE5E66317A1C8B14DEC37896DF1F535327933FA27060FF82BD16062F3166AE78CF7F8D966A83C10CA95960743AB16198E6932DAC4409146603CFA75B7B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2820
                                                                                                                                                                                                          Entropy (8bit):4.837609805236169
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpiQ3JFbt8zgLozak8sBS:nd5CB7fdpF+DLpl3vp+7zanX
                                                                                                                                                                                                          MD5:D1C0A356DE670765571C5E8E4F0F8209
                                                                                                                                                                                                          SHA1:15B8228E3AECEDC6F904A311838589B03B47BE05
                                                                                                                                                                                                          SHA-256:9AC78116B02C1BCB4DCDE91170B10B8DD7BF532F0B800E81BD3C948F5CDA956C
                                                                                                                                                                                                          SHA-512:ECB8EF343476916484F60A840D2F6D80E85C96C221B175A69747FD8186C927D6EDC82839752E2ED66B2960EDC2009DC2B205D184E547299162EB682D8D4855F5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3654
                                                                                                                                                                                                          Entropy (8bit):4.7911429859967205
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpFQ3JFbtoMXe10J4Z6/E0xeskxgzMCUlN:nd5CB7fdpF+DLp+3vpoMtqgWgxs
                                                                                                                                                                                                          MD5:565BF9F71B56FA741400574DACEB11DF
                                                                                                                                                                                                          SHA1:1390677D50F5C32E920FE1C79FDA5C410C4FA922
                                                                                                                                                                                                          SHA-256:A9DAEB562FCEE84DA8E896456C5E8FECDE4E49842EDDBDB87BB45F9E0038CB99
                                                                                                                                                                                                          SHA-512:4FE1BC10B616BFDE5CFCB534F5CC4D7504EF593C4FD68F986130F4B3A5A33202EE1A29A553A215C055CE4FB05D533ADB0979CF6AB075F7C95C8907F857D355EC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4065
                                                                                                                                                                                                          Entropy (8bit):4.792295622948737
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGLDLpt3vpoMCZLSickXx2MXi6:nd0BhpAvNJEL5xvN
                                                                                                                                                                                                          MD5:85BD4CF930049F7FAD1A1157CF56E2B9
                                                                                                                                                                                                          SHA1:6B96630AE511416426C53F3CC9B311AFB3B8B8D8
                                                                                                                                                                                                          SHA-256:01CEC46769B7E16A3FFC84123CBBED009A5D565F3D455364C79ED1C0A0006D0F
                                                                                                                                                                                                          SHA-512:67D74C13F5707F94D159E8F9A7352B5A0D21B6F258A98C6C18B8C777B26772CFEAC3D434AF09EA6F9136BF3B8671A37511DEEF5B18CE31ED81B4D7CE172223F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2519
                                                                                                                                                                                                          Entropy (8bit):4.827600648510387
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGpfSiK+T8ocf67:nd5CB7fdpFQDLpf2vNC7
                                                                                                                                                                                                          MD5:3C3E1ECD5F2D9B1C8B8ADF7941BFEE71
                                                                                                                                                                                                          SHA1:EB1EF91F402F7FDE38B6DFE79BAE0022CEE5BAE7
                                                                                                                                                                                                          SHA-256:302175E3FAF2093C879B338872688F9193579CA681B5EE4287807CC487A56DD6
                                                                                                                                                                                                          SHA-512:D753CE1817DE8FDBBCC672FBEAF1740FF993B9573764C1903C893539B04858BE3CA66B8F734CE9A282A3B00692D0A52E32B28952F717C1D2BE8651EFC4D785F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4757
                                                                                                                                                                                                          Entropy (8bit):4.795633305434376
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFJLDLpF3vqSs1Z/6Hzt6/1nLdBPuh6mj:nd0Bhpjv2Ss1V6Hzt6t5BPu/
                                                                                                                                                                                                          MD5:517BC83A0059AB0501D89E95B479A244
                                                                                                                                                                                                          SHA1:84BD154840AA09E0349550B466C9A662E53DF8C9
                                                                                                                                                                                                          SHA-256:9119C70F03475B4D5AF2579302986B0694AB4FA6CEB4937B311E7B00A5611C4F
                                                                                                                                                                                                          SHA-512:6E08F72783689DF48BC3A604DBC25FA69B03DFDA1B8C3AEB48AE8F6847B9CEB59BA2FA614A1C8C94B873C61561A392FB02317FE5D3D45682602BB14E6D4DD9BE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8309
                                                                                                                                                                                                          Entropy (8bit):4.498428163270163
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy99io5JAS44kH1KWRmoAAJ/H0SAAd449lM688YAAdC:nd5CB7fdpFWJA/RmEZRMTmtnWwbQ9VI
                                                                                                                                                                                                          MD5:F98E2EAE330AEE1FC832A15FC395AE4D
                                                                                                                                                                                                          SHA1:BB91C3051A65832000DB517913F8A4B122C10F5C
                                                                                                                                                                                                          SHA-256:E4ADE2E5C1600BEFE2AE31221035B5BEEE33ACBB9395DB6911C32B117C10A300
                                                                                                                                                                                                          SHA-512:C263A0A3AE0AF2C665A079C4D77E931322FF4A6F062B3AA54D9D96540D53A1CB9D761E2901DA39F869528F3B4F2867DBCB65540D8BF42E876E643C64DE95F944
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4702
                                                                                                                                                                                                          Entropy (8bit):4.724663373079018
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGLDLpF3vpCQ2kXxYTxUbYbZ2FYW:nd0BhpAvJXxuNY
                                                                                                                                                                                                          MD5:3A77FFFE5EEBC0606072577F2995448A
                                                                                                                                                                                                          SHA1:1A2EF46A74648931CE7A4B2318D62C1AEC0E8E8F
                                                                                                                                                                                                          SHA-256:6BA91BDE18BF2CAE35DE1815F2A1B8C8CF86765900C16B3599CD9650F7F6DF74
                                                                                                                                                                                                          SHA-512:E1E2F0CFE991518AD4D1DFA05AA44018F1EFF79AD1589B44DF816F89104CB01E9634CF4374377FB942117472582D576C4198206CE4AC7694DAFD2EC916F75338
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3771
                                                                                                                                                                                                          Entropy (8bit):4.840999626567917
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDsQ3JFbtySQkc2fEZHHkDPxEXiHoPxZ:nd5CB7fdpF+Df3vpy1kCFKPaiHoPb
                                                                                                                                                                                                          MD5:9B79FE506F854CB5E7615A2C241E3755
                                                                                                                                                                                                          SHA1:BCFB14A7B8AC3DED6B1554DF75A02D6B8A65A208
                                                                                                                                                                                                          SHA-256:AE326BD04FD07A2417F5583F2B06BFB68EE166938D1C651F33198F6E4665CB91
                                                                                                                                                                                                          SHA-512:736C108E7F9C524AA68DA52AB22403E068BC347FAC9AF02A77E2B1A1133D5956CBB13B782B9C0C195405685C6FFF0C597DC514D12DBC29D7BCE3B5609C1979ED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2967
                                                                                                                                                                                                          Entropy (8bit):4.755864058965555
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDsDQ3JFbtnRBNxAF/k+isH:nd5CB7fdpF+DD3vpnEJxia
                                                                                                                                                                                                          MD5:435FCB5EAE11DAD6B2411D5BC0787216
                                                                                                                                                                                                          SHA1:CEE1645E5D603A95363D99B72A250500BE9308D1
                                                                                                                                                                                                          SHA-256:A66BA3C2CEB4766CA959A6C94971E4FB3FB2B33FC6157EC89E22F9DEC6B8B5CD
                                                                                                                                                                                                          SHA-512:0836172997069DAC8287ED2D7A07E67DE8C659360D13A8AC6C50921D9F8338FB8BA1AFD4C1205DE09D6447F654D387009E4E1C34D9311E1A0F8A516BD34AD2A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3963
                                                                                                                                                                                                          Entropy (8bit):4.829478647325663
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFJLDLpo3vj896/P3nLdBPtF9m2:nd0BhpjvY896/v5BPjV
                                                                                                                                                                                                          MD5:46D343D4FC318CB86E1676A789915BA1
                                                                                                                                                                                                          SHA1:5218BADEBC40B2E50449A545A7843988D859A016
                                                                                                                                                                                                          SHA-256:BEF54AC22986A64AB8539D90568FC1A017FE0ECCCD1931F56A1910E429D0B922
                                                                                                                                                                                                          SHA-512:E611F7959AAACAD4527E2EDC1EF3D0C49EB015FEE1C25C135657D04910C32380BE8080D6E2FCA34506F4AB742D05911E7FA711DD5BDE4CF79EEF06C60D3F3890
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2932
                                                                                                                                                                                                          Entropy (8bit):4.78290740051343
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGpWnX+9o37M+fHMyzBADYfNsYNvb:nd5CB7fdpFQDLpWO9o37M+fHBzKMltj
                                                                                                                                                                                                          MD5:D647A5CD428C2DD080AEE1D246CAACB3
                                                                                                                                                                                                          SHA1:A5F9D762FC50421B78D55FFD60FDBAE57D75F69B
                                                                                                                                                                                                          SHA-256:BE6421A3B9D158DE3A94B9F737DE8538432414BC3D2AB94977D31CE1FAE755EE
                                                                                                                                                                                                          SHA-512:8DE0E39E5CF2721BADDB2A63AEE00A8BF07107E95FDA57F38E417B7EB3EBEB70193372285CDE17B6CF0760585BA49E755D50A5F8676833FF2B1BEFE9C1A48BA4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6225
                                                                                                                                                                                                          Entropy (8bit):4.618752935327141
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpF+DLph63vURkq3KjKbnuzjBUg/HLvWLTFuzjBUg/7ATw4VfsT:nd0BhpsvUhfxD
                                                                                                                                                                                                          MD5:1F3CF71216E54DFBD0A6A352907A95C6
                                                                                                                                                                                                          SHA1:AADC4946FDDD3BE151AB78AB64BC69356A3110FA
                                                                                                                                                                                                          SHA-256:563CA893E4477876ED5DB6DA9F981D0E6D60662378C7D4B77053B1226317C409
                                                                                                                                                                                                          SHA-512:2EE5821C9FDB31B2230F2919C8BFC894B656E5CB32F01F26291E9BC1F15BF8473535F678220BE4F90FA87385A1F9BE63ED7A666A142FC0BC5D1DC520EEB449C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3315
                                                                                                                                                                                                          Entropy (8bit):4.790674071189243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2018 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3885
                                                                                                                                                                                                          Entropy (8bit):4.951612981046042
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3887
                                                                                                                                                                                                          Entropy (8bit):4.773238807520014
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2830
                                                                                                                                                                                                          Entropy (8bit):4.839139747866962
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3612
                                                                                                                                                                                                          Entropy (8bit):4.796786231360721
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4104
                                                                                                                                                                                                          Entropy (8bit):4.794699611379986
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3330
                                                                                                                                                                                                          Entropy (8bit):4.752119040809457
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3437
                                                                                                                                                                                                          Entropy (8bit):4.785298813653595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpmQ3JFw0cwlc8L8Nd2JB54xocy5y6Rsf:nd5CB7fdpF+DLpp3v5cNz2r5ws5Fsf
                                                                                                                                                                                                          MD5:E0C9C5E2BFC89B835932400D5F5FC80F
                                                                                                                                                                                                          SHA1:063643A8DEF7A64BFACB373F2B1E6EA9291F3EEF
                                                                                                                                                                                                          SHA-256:DF91849DA352EB0A6FA50AD30188014BC8EE8927676EF2108B7DDF55A3BA97B8
                                                                                                                                                                                                          SHA-512:93E21896F9F31F2E02D7B36E7C52AF63862C6E62422591250219F3A680527B42FEF4D107A89DC33D33E919F40188982AFC88346864E054FAC5331C2CFD3CABDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3208
                                                                                                                                                                                                          Entropy (8bit):4.826535254116028
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGp5Q3JFbt+kXxOqgb:nd5CB7fdpFGLDLpS3vp+kXxOqw
                                                                                                                                                                                                          MD5:22F5EF66ACA2F5F123545E57DA4B9995
                                                                                                                                                                                                          SHA1:E27C692FDC8EC203F3A331481166237A6E15BF27
                                                                                                                                                                                                          SHA-256:6D87E0C63D2A080B7C6728A3E3DFBF8F792032034EA770710202592F1BD532B1
                                                                                                                                                                                                          SHA-512:3627C4ADCE5B6EF2EE4E62280C4394026273DC745301BE6AD463CEB4FB13B0B71EA76BFE4C1121FCF81BCA1044CEBC5C302983541E1227F456823BD6B1274963
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3727
                                                                                                                                                                                                          Entropy (8bit):4.830699947184764
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGp4Q3JgZLzAjPERh1FjygPi/PCdWFob:nd5CB7fdpFGLDLpr3ONmPMndWa
                                                                                                                                                                                                          MD5:07D5EB3B82FE60F2E43ACD5D2C11C147
                                                                                                                                                                                                          SHA1:73CFA3E99F861EBFC64751BF43535661BBB898FE
                                                                                                                                                                                                          SHA-256:CD31510A2D8460FC131E5A94D753D0B923F50626E575131DEC9C94CB7EE540C6
                                                                                                                                                                                                          SHA-512:2B169294E7F9F281E51BA6254AD43398E0DF5E1586C4B520B432AD3045A0041D8D8316E3C3AC4432D094438C44A95380BA81E56D33460CA64A9E9CE5DCEAE027
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3820
                                                                                                                                                                                                          Entropy (8bit):4.8410761106012945
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpzQ3Tw/nP0p9PERh1SijygPi/PCk1pM:nd5CB7fdpFGLDLp83TcszP0nknI/
                                                                                                                                                                                                          MD5:81914053CF4C8B51173BCFDAB127BE2E
                                                                                                                                                                                                          SHA1:1222B9204AC958072ECAA1E28F7D80C987B71685
                                                                                                                                                                                                          SHA-256:09A990D8A73091DA451FE46D518175A4D794B9E955FF45920D0E9D8F4063458E
                                                                                                                                                                                                          SHA-512:35F16E4E063FBBA6A54844E387DBA874B65AB9BBB8BC9E5F281F43F397F85D915090B3A186C68916B172CE0D4FD040EFD65F4E70A9E9500843822901E17ED55E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2656
                                                                                                                                                                                                          Entropy (8bit):4.830282251562865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpVQhJFw0myjy5y6Rsf:nd5CB7fdpF+DLpOhv5H25Fsf
                                                                                                                                                                                                          MD5:CECCF52B0AEC6FBB914633703AF7A1FA
                                                                                                                                                                                                          SHA1:299363C51B8BB0898E3300A8A5451F3CA85BDA04
                                                                                                                                                                                                          SHA-256:69EF1C4BF0329EB9FE2E6DDEC7E584A3E38430250CA3D9EDCC38181D6E44E636
                                                                                                                                                                                                          SHA-512:8C1968A391708A7F9726D058C831C930D83C613BD33764BE1B6F759ACAB536090F42D2996F1CEC063210A24C794D8F3DEE7D1A2AB8B4D9700EDD9D4F0CD4B49D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3602
                                                                                                                                                                                                          Entropy (8bit):4.812649874502562
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpAQ3JFbtBkXxSWrj7cMb:nd5CB7fdpFGLDLpT3vpBkXxSWTcc
                                                                                                                                                                                                          MD5:42B68708A8B18C126569C42844D844CA
                                                                                                                                                                                                          SHA1:E1DB4E42E6609532AC4731A8CB66866229C85FE2
                                                                                                                                                                                                          SHA-256:8D3AFD8D199595659F42212168ABCF55B7D1AC212A6616573BC083F73CCA1B21
                                                                                                                                                                                                          SHA-512:F48C3575E793E631915BC719FEFFDAD673517AFDD9EBDE93168DF4E4B7306A5C3ECD5669572CAA1A091A044503EE0E3537314AFB65C41FC613EA023EC7E03344
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2489
                                                                                                                                                                                                          Entropy (8bit):4.847822761591629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDDDQ3JFbtM0QHb:nd5CB7fdpF+Dw3vpvQ7
                                                                                                                                                                                                          MD5:AF500ECFBBD1A4792B16FA5C373D9FA4
                                                                                                                                                                                                          SHA1:7FB693155D9DE76B81BC5505BA33A91A7F5F0A36
                                                                                                                                                                                                          SHA-256:595E7895E532F29F9CA2DA32501522B8C8360664238DC82C7793C73AEBCC3D1F
                                                                                                                                                                                                          SHA-512:10E9227C90ED7CD4D52C5D5CA196F1D28F59736A874988FFB46A7BBB18640D6176C33E19E86B00AA8651E877484450E64733EDF6830940F347871FBB57312292
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3206
                                                                                                                                                                                                          Entropy (8bit):4.885163038662627
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDlQ3o/JFw0jYWspetiF8ebpt:nd5CB7fdpF+De32v5jY/ppF8ebb
                                                                                                                                                                                                          MD5:CB7A270AC99A4F764986C3731EC6A906
                                                                                                                                                                                                          SHA1:AA9245F722DB3C96084E42F4AB3515D79E0ECC93
                                                                                                                                                                                                          SHA-256:6085F068214BFB06C453F1B671576AC585072A02638D871E212B7FFCBFCEB3E2
                                                                                                                                                                                                          SHA-512:14AC48489D020D7DC406499A4192372D2D344537A9252860DC914D70CE3D85E7476BD4FD6220E6CD335F9AE644B05018F3A6DAEC7E13E1DA896D1BDEC7321F97
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3317
                                                                                                                                                                                                          Entropy (8bit):4.826698729490084
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg9GDtQ3JFI4CtfXKeGlZusHPwLA:nd5CB7fdpF01DG3vIvyrwE
                                                                                                                                                                                                          MD5:2D0F59B773A845F7F6105A2E6A6CA9AA
                                                                                                                                                                                                          SHA1:686126D568A0B636F4652EB820B6F94433575BCB
                                                                                                                                                                                                          SHA-256:1EF694FF3D76110423D945F9ED5948BA86587DBD130BBB953C1B88F3F7C08729
                                                                                                                                                                                                          SHA-512:06648257FAD90471945F4D56A47C1A0D93E65E1DF957A6A817B91D569CBE4A9EFA7826CECE30202EEF4E9BAE91AC2A8A55BDCA6EBBC2179A8C17C248862D5AED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2965
                                                                                                                                                                                                          Entropy (8bit):4.806250208072157
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lv8GXG3Q3rNqYJfykFbbUWlNzx:L5CB7fdpFgWg3BqY8QbdV
                                                                                                                                                                                                          MD5:67CC5584067185FD2979461ED17C75E3
                                                                                                                                                                                                          SHA1:0824D45DAC32996C1F4ABC9294D5E77A8BEDBFC6
                                                                                                                                                                                                          SHA-256:B58DEADECF19234D92FCC035C0B773271B4CFDCCF24CD06E300F7C81903CA433
                                                                                                                                                                                                          SHA-512:C96E7782C9033D28279F5572AEB4910420A52CB72D6DC3D017C240FF50205B6D94D1C8FEFE9065E2F80644E9E38E1B37B5F7D76C0D1951E58D341FC16556B5C4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19745
                                                                                                                                                                                                          Entropy (8bit):4.398954459962296
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:0OEsWJxl7IC1CoZT5zkTmOG8pHBhk99bry4:0OEsWJxl7ICMoZT5zkTmOG8pHBhArj
                                                                                                                                                                                                          MD5:9DF4F4EC635616DEBA44BECF1D4B1289
                                                                                                                                                                                                          SHA1:550EAD9AF422A5CCABB4EBACDD53A23F3A4FFC39
                                                                                                                                                                                                          SHA-256:65CEA887FC78F250BAC61E4E4B6BC9F21C9443F74CA16C6461B808574C5BFD98
                                                                                                                                                                                                          SHA-512:92107583FC0A94EC5F6665100036099293B02995BA32384DE61BE1172B1E51F75D7644DD4B262627A7B00B58B9D0D19F6067292BE259285F56D77F0EB1A4AE40
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Controls.Material 2.15'....Module {.. dependencies: ["QtQuick.Controls 2.0"].. Component { name: "QQuickAttachedObject"; prototype: "QObject" }.. Component {.. name: "QQuickItem".. defaultProperty: "data".. prototype: "QObject".. Enum {.. name: "Flags".. values: {.. "ItemClipsChildrenToShape": 1,.. "ItemAcceptsInputMethod": 2,.. "ItemIsFocusScope": 4,.. "ItemHasContents": 8,.. "ItemAcceptsDrops": 16.. }.. }.. Enum {.. name: "TransformOrigin".. values: {.. "TopLeft": 0,.. "Top": 1,.. "TopRight": 2,..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):155
                                                                                                                                                                                                          Entropy (8bit):4.5598280105456475
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BV9NKfNDyVMURCNajJW4whvyWmopCxKD4yMg2cakyxRS9NKSvn:xVfONDGMUj1tw58oI04oG5Cfpvn
                                                                                                                                                                                                          MD5:087236C6EB9A82D9BB57278A08D5D039
                                                                                                                                                                                                          SHA1:B31AC662CE411E2DE7F87973B1A213E3AC620D0C
                                                                                                                                                                                                          SHA-256:BD78A9455635EAC335F2FD294323939B70B5906DC3C26C83441920413157E533
                                                                                                                                                                                                          SHA-512:705FE9B9C21E525E83E66C2594EABF01D42EFE66D7F44CF61A0C8539D7FDE08D75DF5C83E056F49100C901E2073BB9DCAC0457214D5DF32C7FED815F1C0ED9DE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls.Material..plugin qtquickcontrols2materialstyleplugin..classname QtQuickControls2MaterialStylePlugin..depends QtQuick.Controls 2.5..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):739448
                                                                                                                                                                                                          Entropy (8bit):4.749095212751871
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:Nk1MlswuWxuj0pxpCappphpVphp/pnp/pNp6pQpQpxpVpApB3p/p4pWpcpgpCpoS:sMlswFu40
                                                                                                                                                                                                          MD5:0BAA51AF9D9043FB2A828701ED22F766
                                                                                                                                                                                                          SHA1:0422B4EA84C835F0ED61D36A50A1ABFF0CAAC77B
                                                                                                                                                                                                          SHA-256:82D59479D246983522DF9FFAFCABBF8AD4EA8A96DEA8FFBD3927193F4550E7C8
                                                                                                                                                                                                          SHA-512:9CF78D51FD051FC95620F347D2392EB466F6CE5363BB988F461BCC3AF694BE4FD24C69B399984CC327A414F5A57DD124F0A9E265337F131F540D2CCB89C6121A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3132
                                                                                                                                                                                                          Entropy (8bit):4.814273270880492
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg915Q3JFw0cw/NtPCccswXO:nd5CB7fdpF0US3v5l/vCccW
                                                                                                                                                                                                          MD5:C17D3D7BFB6888203D88C2C8E5391B7B
                                                                                                                                                                                                          SHA1:9A3F9E3E37F513AE66BA4B6C012B2B7FA3906890
                                                                                                                                                                                                          SHA-256:071F5C638437BBCB3C6992FFA69F4A459F148D060C342F1D0F5E6C122201E743
                                                                                                                                                                                                          SHA-512:707414AA1ECA3B3B8C4CBAF1E39632FE495E60BC9E8D602AEE89A7289F71EB81466E7E1411A929AB50BB924636820109EF2801EB92D2A790CBE8C1A4A7DCF988
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2515
                                                                                                                                                                                                          Entropy (8bit):4.821005781824648
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhuQ3JFw07mX5:nd5CB7fdpFGx3v57q
                                                                                                                                                                                                          MD5:D71025F7D7E9ED4129595A7A0168BC8D
                                                                                                                                                                                                          SHA1:A2EF2D3D093BE18BE7FBC220EE742477C1326222
                                                                                                                                                                                                          SHA-256:E84583C39B610DBC2E89B9D284E6850D4DC80FD7C2151BA3A55D4BEA9926262A
                                                                                                                                                                                                          SHA-512:09BEE1B070EC4B7CF3235F65FD4294816778D3BD263C6CD3EC42A6C31A33ECC5A2B4CAB6A7D03DB276AA6D7110DC2D304B2460205B064C1399E4442E948469D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2994
                                                                                                                                                                                                          Entropy (8bit):4.804111096356225
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhBQ3JFbtoMokXxtwwX68:nd5CB7fdpFGa3vpoMokXxtz
                                                                                                                                                                                                          MD5:8ECD638D4ED2FF8B1803D1D5196C1556
                                                                                                                                                                                                          SHA1:5595E12AD1A6FCED601F2A2F4D0FF911F8F0FE58
                                                                                                                                                                                                          SHA-256:25267737CF4A0430631BC80B509647B605B903D9C2BB39A7D0FA05DF3939F5B2
                                                                                                                                                                                                          SHA-512:D81E449DDAD983AB9B89B4C5F8B28A7713D7FA511C0FE23A917E87E4F62992B49D3E24B0C14C50B3E392E6F974ED92B0DD08316752D4DF18EBB86E6982D4113E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4379
                                                                                                                                                                                                          Entropy (8bit):4.80556368692418
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgFQ3JFbtoM9Zxe/xecakXxntM44QY4jX8swX/:nd5CB7fdpF0X3vpoMtQskXxKLyM3
                                                                                                                                                                                                          MD5:B05869D66C6D02AEA7FEB9CA883D8946
                                                                                                                                                                                                          SHA1:8ECA11E561E4C52DA3D3E6C8EC32A8D640382E30
                                                                                                                                                                                                          SHA-256:2AD146A44A773E8105BBA1A9A1A2552D4F64C0990C7EC48E3A98D59044398BC4
                                                                                                                                                                                                          SHA-512:C55D6326A1E0C68D36DA8272C3BFDB5B1060088617E78BD76B4257C71DF02EE3C4C927268E5FBBD46740FC68BE41C3A95B50E1B4B77048581C2D679470636D12
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2442
                                                                                                                                                                                                          Entropy (8bit):4.839225593423535
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg5DQ3JFbtrjyA:nd5CB7fdpF0V3vpP/
                                                                                                                                                                                                          MD5:B5F15E86F80B2304F2AE672FADB3EE96
                                                                                                                                                                                                          SHA1:76A5C6EF45C9A05B5EBA7A7907588D69462181B8
                                                                                                                                                                                                          SHA-256:58A848C945814A0E233E775DC308F719FAB3790026687790D66B7974408C5F6C
                                                                                                                                                                                                          SHA-512:9D4B8B45B03D2B41AA44A256BB2A02BC993988E8FF4C52128895C27EACAB1E16A0FACB519132578EEA67395ECA27F2473D8C4A46BF1AD4814C56C91D04E27B50
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2604
                                                                                                                                                                                                          Entropy (8bit):4.774696392771712
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgOQ3JFm0QuLYupz:nd5CB7fdpF083vn3L/pz
                                                                                                                                                                                                          MD5:761015C43D3CB38D4A0E8A0694CA39F3
                                                                                                                                                                                                          SHA1:245BB0B79F994960BBDDB609CD0D143B905EEEB9
                                                                                                                                                                                                          SHA-256:4D4AC1104FD58E70DF514B2AB5D46B037BA489CB96C64505A3D672ADA6CC9884
                                                                                                                                                                                                          SHA-512:E3B37BF9AFAEBDF05B9F4A47810FE0440560E521CFB91FF5B31B4723704339AC5533C04A7AE845760F4968AB53CFD0CD8E0C4597D41A1C31254812ED07C6F259
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2763
                                                                                                                                                                                                          Entropy (8bit):4.829470306877085
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg3DQ3JFbth60+FZZ:nd5CB7fdpF073vph60+Fz
                                                                                                                                                                                                          MD5:29A933813837994A869AE9839B1C3D26
                                                                                                                                                                                                          SHA1:C29B1149A39BCFD5194510A6679B01826C8C82CA
                                                                                                                                                                                                          SHA-256:43433AF6C1F53A570C8CFCFDCCDFA41D8806CBFC9F1BB962CA12EA46CF4C0A6D
                                                                                                                                                                                                          SHA-512:1266AEBD949CA874EF9CD01E834F005F80B70451D3F83AB0812CD7E5D3C2DC993E9620D4762983D8A29145112C737AD9E98BB2E6D59C2D1DA6A9AE4B74466472
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2331
                                                                                                                                                                                                          Entropy (8bit):4.838692827239353
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg/Q3JFw0F:nd5CB7fdpF0F3v5F
                                                                                                                                                                                                          MD5:D55630888288DE076EA18EE14D8CFF45
                                                                                                                                                                                                          SHA1:D598CDD2A146D976F577CE49885CE0FDB60462D2
                                                                                                                                                                                                          SHA-256:B01825029C2139A4ECF9BC1CE3C1379D19F4A3D7F8635BDBC0A9DBC28B13C2DA
                                                                                                                                                                                                          SHA-512:6C5C2D322F18385BB9706AED40921DD258E49E4B9B0DCED4C44D1097206118291F06FF4E4BAAACCB15101EE9ABF9BC90D70532856EEC9C404802350D05986A3B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2592
                                                                                                                                                                                                          Entropy (8bit):4.855929209866687
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg1Q3JFw0S:nd5CB7fdpF093v5S
                                                                                                                                                                                                          MD5:D03D6CF824C899D2FF247CD0A474D986
                                                                                                                                                                                                          SHA1:DB54B862972C8D722C1DB47B3251975066B230AF
                                                                                                                                                                                                          SHA-256:75C32398761D16E0E875E26E9584EF67CFCD1A1F4F2938F3C86A57E17334CF2C
                                                                                                                                                                                                          SHA-512:065EB0674EB7BF0AA3C7CCC90E7FEDE654674B17E4074A9656C3B36CC37F6AB21C28CD30540360BDD7E497055F4D1C6A35E4874AD27F6B0DCD29C29D82DA0EF9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2735
                                                                                                                                                                                                          Entropy (8bit):4.8163289625337455
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3713
                                                                                                                                                                                                          Entropy (8bit):4.773769607411336
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4169
                                                                                                                                                                                                          Entropy (8bit):4.758093410324449
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5005
                                                                                                                                                                                                          Entropy (8bit):4.758902637937423
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3633
                                                                                                                                                                                                          Entropy (8bit):4.778438090721813
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3211
                                                                                                                                                                                                          Entropy (8bit):4.8343887210632195
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2981
                                                                                                                                                                                                          Entropy (8bit):4.75619578796289
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2725
                                                                                                                                                                                                          Entropy (8bit):4.818398008330529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgdQ3JFw0i54l1K+h:nd5CB7fdpF0v3v5iCl8e
                                                                                                                                                                                                          MD5:4CD5AF2ABBA5A14956D162EEF759C371
                                                                                                                                                                                                          SHA1:689777D7AC3CA08105F3BE4CEA92C655F236C9B9
                                                                                                                                                                                                          SHA-256:E133806D109716F7B355F1D643A18FEE659A64ACC1D8E27089A568E82EB4D3B4
                                                                                                                                                                                                          SHA-512:9FA50C54708C0C29638D69E96FC7372A1B687E6E678C6169A11AFEAD7EA561C69AA116AE0D9F05A40B7D5AE4BE4459F136C09BF3CAFEC67703F7AEA562A36FEF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3923
                                                                                                                                                                                                          Entropy (8bit):4.794707446109668
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgQQ3JFEIr86EAwNm8JOb6EAM/y24YOdh7q:nd5CB7fdpF0i3vj8Bm1DngPdh7q
                                                                                                                                                                                                          MD5:B469B132AE469ACCA3F396C4BC1886A5
                                                                                                                                                                                                          SHA1:98A9B96BC9BD4CFDAA84871813517524099C3474
                                                                                                                                                                                                          SHA-256:2B435D4E44817A589654C2A41D7758795DD1E148FDDFD9E2E192D1279D354FD8
                                                                                                                                                                                                          SHA-512:625762A0904D48BA78A662D94A03689DA7CC9287DB729FD036AA7A4D184E68B5AD78FBA2BD86DBA5102A9A146A94D8B3B7A5736756767AAD232E4997F96D6ED4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5365
                                                                                                                                                                                                          Entropy (8bit):4.629971532594098
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpF0X63vARkq3NjK7+b5SnATMSWAlQ:nd0BhpLCM
                                                                                                                                                                                                          MD5:70C54E305C8ED6278387D1605EC35B53
                                                                                                                                                                                                          SHA1:C274B2B47C217AAAD29558E80AA91405F28D1599
                                                                                                                                                                                                          SHA-256:7A8A219B1E85FDBDE2A49C168706CB29C41530720CB4E9D082492104A49F1A0F
                                                                                                                                                                                                          SHA-512:0ABDA48253D43B0A9AC7FBCBE34D3D1459D6BED94A9C16DD0EABEC464536743E7CC70931F81DB3AF6EC50E2F2C0E8A5F343EE8F0869381E046AAE511A12C2C46
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2605
                                                                                                                                                                                                          Entropy (8bit):4.853125997394258
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:M55H6E+iCsAaKj7fOWIkFy9LixgQqJFbtyz6V2f:U5CB7fdpFzqvpy2g
                                                                                                                                                                                                          MD5:A0671680A70476FE755E8B4E69A9084E
                                                                                                                                                                                                          SHA1:D1CFB08DE1F3F4295C6A16C1532AAB70379032D3
                                                                                                                                                                                                          SHA-256:FA338E11C1D5CA56D42BCB1952C307EFAED89FF9E62870A768C5CA40F3BC4875
                                                                                                                                                                                                          SHA-512:349022AEB030E6275ED6162B29B3D80105F94554101C058C59F112BAD9205112D1F4442B587837AE8846296EE34D553F9029CCD1401EC019E7E7429EE96E835D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2018 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2879
                                                                                                                                                                                                          Entropy (8bit):4.918905834543331
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9OMmRQq8vSKSHzSQx:MCd5H6E+iCsAaKj7fOWIkFy9OMeQpAF
                                                                                                                                                                                                          MD5:8A40D2C1EC0D67DF4B7380EE96157B2F
                                                                                                                                                                                                          SHA1:2550BE9770EF8996F37AE469769321606E907AAF
                                                                                                                                                                                                          SHA-256:CFAF9A1325B36060F9E7489E80A5462F11F9FA99E5F78E4DD6D6DD0B10222F09
                                                                                                                                                                                                          SHA-512:44893E3226FEE75D6DAC97CA34C6526998B908DE24E9C6423BF1B5E42883B06DE1FA2689564EFEA07DE409D16FDE63A2FEE519006796B475BC49098DFDE415A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3262
                                                                                                                                                                                                          Entropy (8bit):4.81695114339966
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgCQ3JFbtoMIkXx2M0PwXCrk:nd5CB7fdpF0C3vpoMIkXx2M0XI
                                                                                                                                                                                                          MD5:869738000F1E92572EAA2CD8A9BC2AAF
                                                                                                                                                                                                          SHA1:F531473E603BCB8DEB57DDC425CE2C03EFA47A7D
                                                                                                                                                                                                          SHA-256:D46804EE223180A03C18B4525D9BBEA14E8C4A559908CFFB6924BFD2340BB83F
                                                                                                                                                                                                          SHA-512:38DA3A172D40E99F4BAAA2876474FDF937A0400A4F1A3894E3F65C026D55D1BB2D211A36201F2D5092E490627F5E50BDFDB7D2D2854FCADEA99C58FF2C7F04AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2821
                                                                                                                                                                                                          Entropy (8bit):4.8381484195048525
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OM8Q3JFw0IJeSaVzdSw4:nd5CB7fdpFu3v5I3aG
                                                                                                                                                                                                          MD5:CEBDA1281CE7EC8EA1D962680730C66C
                                                                                                                                                                                                          SHA1:965F242782FAE447EA9BA757E066132D1AC2B545
                                                                                                                                                                                                          SHA-256:790F1CF3FA94FD7C7ED4741121EB8DAEF603FCDF07A9C43D1B9B3B147CBAAF6A
                                                                                                                                                                                                          SHA-512:C0D666A10E5868B085CCA0AC5B7A0E0C6D93EC114EB5FDBE382FAB1284B8C50756A7373219F0A3150A3BBD201E595E6F17883A9D8983AA18C88E050E401E069A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3947
                                                                                                                                                                                                          Entropy (8bit):4.757657645064246
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4489
                                                                                                                                                                                                          Entropy (8bit):4.751534437214193
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2773
                                                                                                                                                                                                          Entropy (8bit):4.839153998426681
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2987
                                                                                                                                                                                                          Entropy (8bit):4.798051662963486
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3313
                                                                                                                                                                                                          Entropy (8bit):4.81341500049657
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3571
                                                                                                                                                                                                          Entropy (8bit):4.831582188655847
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2343
                                                                                                                                                                                                          Entropy (8bit):4.839387606601536
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2998
                                                                                                                                                                                                          Entropy (8bit):4.8220367527818055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2492
                                                                                                                                                                                                          Entropy (8bit):4.8422185369621795
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgmDQ3JFbtUiBuXA:nd5CB7fdpF0G3vpPIQ
                                                                                                                                                                                                          MD5:632F3D71CA4A76906A199FC0C6CA735E
                                                                                                                                                                                                          SHA1:AE225C531BA08EC3C7809093E3FCE347822916F9
                                                                                                                                                                                                          SHA-256:7CB420E0DDE01C0B43B97FB0068CFDC4B48802201583098F5ABF129D369FDDAE
                                                                                                                                                                                                          SHA-512:5C55398B8B5855D056E4F9AFCA4F687B2D8C4295F67E98AA2B029B99C94BA8A1D0BAD2E0768A7A3918E517CBA3589F89CDD48ECD10C38A3535E606CB761AF8F8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2763
                                                                                                                                                                                                          Entropy (8bit):4.861346233395539
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgwQ3ohgJFw0JWO:nd5CB7fdpF0s3Fv5JB
                                                                                                                                                                                                          MD5:A43B5FCFA6BDE733516CD4250DE39BA6
                                                                                                                                                                                                          SHA1:40AB2E0C3EC63FE53EDF25100EE25AED14DC466C
                                                                                                                                                                                                          SHA-256:9ECD0A2492D7E7CC41300688497A7F9EF312164173C3BFA59D619C513C36A843
                                                                                                                                                                                                          SHA-512:E83780D602EC46E0A6E7D2BA65B3140F942625B2AB7098139FCEDACB829FD2C097B87F30DF61638C28A2BA1914F42C7B4630298BC237680F787BD9433FE4BA3A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3289
                                                                                                                                                                                                          Entropy (8bit):4.813708726729087
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgwQ3JFI4Ctf9KuGlZusHPwLA:nd5CB7fdpF0E3vI1UrwE
                                                                                                                                                                                                          MD5:41B49164E4FEB96D77779D1430D3AF6D
                                                                                                                                                                                                          SHA1:5FC6ACC09EFDB6354F676772C06871BD6CDA04A9
                                                                                                                                                                                                          SHA-256:FA93702565F433661EC3CBF5B9A19A491F59FF92C6B3D45AE83C3FEF44FBA27E
                                                                                                                                                                                                          SHA-512:327F66898AFA927E722F0494CDC68D4424F6A11307E2D47FBB67FA7A12E22252262FAF15C1E68397A836CA5B9AABC68166092F5D56F234B226544126C3DDF6C7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2442
                                                                                                                                                                                                          Entropy (8bit):4.86493156112326
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OC9igaFk+BrvTd:nd5CB7fdpFxNF7d
                                                                                                                                                                                                          MD5:30922D0121AB46D783CE0BAB31858914
                                                                                                                                                                                                          SHA1:EA686E62CAA788CC849478521D6163F9F5FE7DDD
                                                                                                                                                                                                          SHA-256:EE81D32E871BFD35E69F8D16D3FBB532B048B118CD36E86800198939DA8AEC29
                                                                                                                                                                                                          SHA-512:23A191CA9AD0389DF183B12A1EFB54473975360EE0AC57C39CFF3D60CCAB8EB4119E69FA387CD80F3E0DBCF10EE5A833E8602ED4188488223DE6723B36E442C2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2614
                                                                                                                                                                                                          Entropy (8bit):4.866256211674586
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaADQ3JFbtlSIryy:nd5CB7fdpF6Nv3vplX
                                                                                                                                                                                                          MD5:6AAC2170F96C64FC76DB9495FA8CC758
                                                                                                                                                                                                          SHA1:1C1BB6B6348DE7F5ACFECC70A33E5E4D9CE29DB7
                                                                                                                                                                                                          SHA-256:2BC48326FF3F96C9B45BDB9F40D58C4247F0A3FAED1B6162053E62900DB29681
                                                                                                                                                                                                          SHA-512:7B01D6C7DEBFEE278C3E1798F068F6E677473969188CF6AF88FF6BB94D1D70429970D285322CCC9B98B1C1C0CB47AFA82FFC7BEEEEF3A24D8B9F265751E29032
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3611
                                                                                                                                                                                                          Entropy (8bit):4.7680902199349715
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiaQ3JFbtdCsuI/kXx5QwMyUbcAx:nd5CB7fdpFGn93vpXkXx5QQUbB
                                                                                                                                                                                                          MD5:11876909BD8C572FCF9C68D861D81741
                                                                                                                                                                                                          SHA1:344F99132458B884F2D194E24AA81A64D973C900
                                                                                                                                                                                                          SHA-256:0BAD423B02C2011707A175A5A0419012D76CB347564E2B755D1556332CFEEA5E
                                                                                                                                                                                                          SHA-512:429D31F52DD66D2FF6BA7AB0C57BB44FC49F98BCB1116278BFEA3428BFA0A321A48DBF294791590541E502B6C4DC31645F3CA80C4C364FAA1BD89E94EC5FE497
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3231
                                                                                                                                                                                                          Entropy (8bit):4.833735206635413
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iga6QQ3JFbtoMJ510J4i0xeskxICUlLQ:nd5CB7fdpF6N03vpoMYRgWpD
                                                                                                                                                                                                          MD5:1E7B9504E295508689B5970DC46D0BCF
                                                                                                                                                                                                          SHA1:165AF8EDCCC0BD2F1194B4C7ABC2AA01906CF23A
                                                                                                                                                                                                          SHA-256:5D949874D613C39F067E6C8AEDCED87C89041D812C82C8C9C99A940FBBBE6DD0
                                                                                                                                                                                                          SHA-512:E6E3129C374F0C2E52D2CA70F87B8109EBB949CE40B0F15125C92AC3CF77A419818543ECC3541ADBADD823A703B503481DC51794B7DCBC97EFBF5B4501742901
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4189
                                                                                                                                                                                                          Entropy (8bit):4.819183062317373
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGnNi3vpoM24SickXx2MIb+n:nd0BhpFJ245xvBn
                                                                                                                                                                                                          MD5:EA2A891E3ABA55F35659D09FF6234EB3
                                                                                                                                                                                                          SHA1:E6D71E1AF8A90B52C609395F55D3667C67EAFC63
                                                                                                                                                                                                          SHA-256:CCA48AD0B22E517AC4487713563498EF4C742773E9523667FB89EA16CE1F5384
                                                                                                                                                                                                          SHA-512:E46C4BDD6AA941751503D42484B1B55F5B96D6C907044E66A979633C0F632C925287B6147AD348379A13A0B3D2BCAB6A71D642B089B7F12D1AE3644CBF5E3488
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3964
                                                                                                                                                                                                          Entropy (8bit):4.847429026644494
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgifSv1aTHliQ1WQMaLb:nd5CB7fdpFGnfgoIQEu
                                                                                                                                                                                                          MD5:61CDD8891A294B6B2494E99C618867AA
                                                                                                                                                                                                          SHA1:2EFB0001159C56776B8990D4D8201AECF662C346
                                                                                                                                                                                                          SHA-256:D1A8C5BB4368D063188614F256104D10B51D0AD1932B3B12E7E5F5022BE718E1
                                                                                                                                                                                                          SHA-512:31D5D96F7FAFF791A61DBFFB58B61E9021B9B4A2CDD53C30BB367A3A940B4463675ACE7301B5317351BBEE763134E66A31DADD4E5F59BA46037FBE1BA6C1CFE5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7140
                                                                                                                                                                                                          Entropy (8bit):4.737901941968685
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFG3vpoMkhBW0UpMbYRzH/Yru94+q6JQ:nd0Bhp4Jk+lXhAuB8
                                                                                                                                                                                                          MD5:33ECF34EF4AB9B26E8185E8DFC4FB60C
                                                                                                                                                                                                          SHA1:BA125DBBB1E1DD74EC86B6DE46EDA9E17336F7CD
                                                                                                                                                                                                          SHA-256:A4831079B74D2F56B5346CDEE77527368E8F06B9B5968CB748F3109D7D2B50F7
                                                                                                                                                                                                          SHA-512:3781C6899A9433719C2A9AD7264BD05909AFA8EF1948424200870DC3266F0E9BDCC0A62E2C47E0E2C175FCDAD7E233A6A2668BEA9235E3044B4E2FCB02366661
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3597
                                                                                                                                                                                                          Entropy (8bit):4.76073627095022
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iNrQ3JFbtdCiwrE0TCEGlLLdvyAuKzbcAx:nd5CB7fdpF6NU3vpkr4vdaAdzbB
                                                                                                                                                                                                          MD5:B980189F05C5741173E22F64617CB55D
                                                                                                                                                                                                          SHA1:DECD107743FDC3EA0A3D6B7143FE5EAF2E32184D
                                                                                                                                                                                                          SHA-256:06AB47615A79986D559A5CB7FA39B6D54D12DBE67C4AEC1265345B30459AFB27
                                                                                                                                                                                                          SHA-512:B94A65E82A45CD2394C272405AA410020072C0992127E86AE2FEA37EF100C63BDA5AA40D2E72F24DF897FD54034588B166D8DFBCCBDD0EE32FDBC007C69ED4C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3648
                                                                                                                                                                                                          Entropy (8bit):4.790213481862165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igQ3JFHCtLFPif51ca5f93ori52/9yiX3FJ:nd5CB7fdpF6z3vCB6f5V1si5G0inFJ
                                                                                                                                                                                                          MD5:F86A18F068D4B114D1430152FEFA2152
                                                                                                                                                                                                          SHA1:D585869C1E698B95EC300C979F23573C6693EA8D
                                                                                                                                                                                                          SHA-256:CA78F83176C643CAAC68AA49DDFE09302B5ACBBA09CAED32804925AFB356C0F5
                                                                                                                                                                                                          SHA-512:461843598BECFD9BE8196C3D84A9146733A47692AE1BB861DE378729DF25729C68426DCC53BAA79E4A97871D96C72E52C94AFB23A8F9590BA64470A16340C3B2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3544
                                                                                                                                                                                                          Entropy (8bit):4.780414940069658
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MiWQ3JFm0QuLYupDDaSERbLXz5/15Uxb:nd5CB7fdpFLZ3vn3L/p90jW
                                                                                                                                                                                                          MD5:983488B33F7B24FAEB8AD92D60CFF4D8
                                                                                                                                                                                                          SHA1:11B29462C0EAB1AA5C854AC5D491656DCB69DC49
                                                                                                                                                                                                          SHA-256:00740BC73B27262B9F14003A5C86854596F2606FD1F0E20941E007D6A64D678E
                                                                                                                                                                                                          SHA-512:B9DAF80DB07128859815814D5D48963BB0A055503D2C7EB7724C439FBCC699635363A4AC78FE531A8587836AB9F689CD5BB31CD39E3FA969CEBEBD8EF207F56A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3141
                                                                                                                                                                                                          Entropy (8bit):4.877469106235129
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mi3Q3JFQeGYtaC82GwRCwec8P:nd5CB7fdpFLg3vQeG0aC82G0CH9P
                                                                                                                                                                                                          MD5:A01F36E0280CE5B1C7B45F5BA6DF6432
                                                                                                                                                                                                          SHA1:B6CB5C6EB8ACB74E2F3280237E9E55FB6CE24028
                                                                                                                                                                                                          SHA-256:E64EE9833E08D9E2C50AB44889748890B82DFB759A4B4D02599A7EF915F991DC
                                                                                                                                                                                                          SHA-512:CC2DF4237ECB1A18B14C1EB52A07453D170475CB6AD56E95ED858F3FF27C8A82D600E63858CAC85DB6595940641C794EE0AED84FE5BD2F40A09316C357851954
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3272
                                                                                                                                                                                                          Entropy (8bit):4.855458889295017
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2362
                                                                                                                                                                                                          Entropy (8bit):4.840196634832251
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3031
                                                                                                                                                                                                          Entropy (8bit):4.815424548202451
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2999
                                                                                                                                                                                                          Entropy (8bit):4.823707297757387
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3649
                                                                                                                                                                                                          Entropy (8bit):4.82315689006633
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2013
                                                                                                                                                                                                          Entropy (8bit):4.823214903186843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3188
                                                                                                                                                                                                          Entropy (8bit):4.817952074436946
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2568
                                                                                                                                                                                                          Entropy (8bit):4.835909043606398
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3579
                                                                                                                                                                                                          Entropy (8bit):4.788049528540249
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiBQ3JFbtoMruLyZkXxp0ww5Pa:nd5CB7fdpFGna3vpoMRZkXxaFPa
                                                                                                                                                                                                          MD5:5156BFA9A79101C234B9104A3860ED35
                                                                                                                                                                                                          SHA1:C67A1E5141B65C476E0DC3C6B3210BA943C8EF71
                                                                                                                                                                                                          SHA-256:AC73F4E0DFBFB169BDD0EE604D3DA70A935C813262F49117E9D9EF7CEF9C460C
                                                                                                                                                                                                          SHA-512:A738FA57A38E929943BC740F3A0FBA0FD4A6D7316DEA6DA64C0F80235390DA9C0CE4F02FF238F56AEFF74F423B08F48CF1AC6052B8834D49CA743D0C0803CDC8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5073
                                                                                                                                                                                                          Entropy (8bit):4.803398406819676
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGnJ3vpoMRPQskXxZyas4SRPa:nd0BhpuJRsxZlspZa
                                                                                                                                                                                                          MD5:E6B30F84CB41750DA47EB3EC0170E226
                                                                                                                                                                                                          SHA1:63CC56C19796A4482471B6C7A48863F6AD754B6F
                                                                                                                                                                                                          SHA-256:AD00BA11BEF803203B3B68D08C17D26B4848546847D3EDD7802D968A6ECC3723
                                                                                                                                                                                                          SHA-512:AB06AB8090F4B50BB18BFF91D08B3C3741818F4F511CDB1A7B6B4AF58BDB0782AABE3AAA9157B9BB9FB1D9C3B25C143B66E87A7D513BA3C7B5123BDA2C688762
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2533
                                                                                                                                                                                                          Entropy (8bit):4.846356002102557
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9icDQ3JFbtMu0b:nd5CB7fdpF6T3vpMF
                                                                                                                                                                                                          MD5:6B0C18B69818DE385FF38137747AF21B
                                                                                                                                                                                                          SHA1:DFCA99F3770E59D0338242859CB63D30DAF5DF8B
                                                                                                                                                                                                          SHA-256:BE42D1BC196BA6E2849C0B536F5B8B9532CF9A212B8838E88C431E3135F040CB
                                                                                                                                                                                                          SHA-512:E97817510C45709C990B9F2C75758658BDEEBE7CA88BFC47C2488B1975644E1FD60302997098061DA814EB53650217EB651C8B6E9C24FD1CDC01D48FB10DFA35
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2585
                                                                                                                                                                                                          Entropy (8bit):4.772316352792342
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ilQ3JFm0QuLYup1:nd5CB7fdpF6e3vn3L/p1
                                                                                                                                                                                                          MD5:38CCA49F231D57566EFFA74E188DBFA8
                                                                                                                                                                                                          SHA1:AEBC934932605C2F6BF070DDFD38A766CF910E31
                                                                                                                                                                                                          SHA-256:54E4BE75E5355BE1FE22E0B16C51FB81F974AF9FCA4C487D78E4AC4AD391B214
                                                                                                                                                                                                          SHA-512:99F74FFE7F05FD29A2CC92542B6FD5D415CF373CF1CEED17FB2F33100AF75AF9099787A935504790F9E7F309AE59C1A55600D291F1BACF2DCA1C0D004FB377E7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2769
                                                                                                                                                                                                          Entropy (8bit):4.791992195558291
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9i6DQ3JFbto6qEOFZZ:nd5CB7fdpF6Z3vpo6Tgz
                                                                                                                                                                                                          MD5:D68B0EBE4F30F47A9FA2A8EBB8719044
                                                                                                                                                                                                          SHA1:9A068AD807DAFD0D7C093296849322C26DDA5AD0
                                                                                                                                                                                                          SHA-256:5B42D3E817DFFEF20F3328BBB73F89E11E52F32C5359DE999D898B09D7747FF6
                                                                                                                                                                                                          SHA-512:E98B2A9D14809DDB7F91378541A9467B04F630F4FD604CCE3FDE9C71D9A45608600F17D38CABFAD66D37D095D4A9708A3271CE9CD59E7B4D68060118326D3809
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2312
                                                                                                                                                                                                          Entropy (8bit):4.836628797705159
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iUQ3JFw0j:nd5CB7fdpF6H3v5j
                                                                                                                                                                                                          MD5:E2EB84D9C62821F21DCDD802F873CFE2
                                                                                                                                                                                                          SHA1:DB2959EFD8F76317AB662513F8083C61F68977A7
                                                                                                                                                                                                          SHA-256:09EACE0320CE3E20AD80D2FB3A9E7E6F1D42C0EB2F84C2EE569AF4345F1B28CB
                                                                                                                                                                                                          SHA-512:62A6CEAB8F7BEBF75DF99EA9FA8CD859A2D0B800E5CD3FD2F58AA2C8499CCEEC9EB856D50575BF67E9C44627BA2453ABB592B8DB0A1BAF2B43F05B0A13EFBCF2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2618
                                                                                                                                                                                                          Entropy (8bit):4.852512229773011
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iwQ3JFw0jaSE8xb:nd5CB7fdpF6D3v5ZB
                                                                                                                                                                                                          MD5:96811F768438E70DEB8BE62112EB8571
                                                                                                                                                                                                          SHA1:A9BF49AB45008EE53FA6A60061CEF11056E96F7F
                                                                                                                                                                                                          SHA-256:FCD0CCF5FB6E7B20FFB06E7AA4A0F49C18BB6A5C832A5E3B5D0F72EB8FC857E8
                                                                                                                                                                                                          SHA-512:ABD9ECD915221AA3FD1723D30C68C48BDA166ED0AE3E562367C9257B34481754EB7C8E07F6F3062BE8D234A065F97FA1035EA548419FD2A4628B389E826D8852
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2783
                                                                                                                                                                                                          Entropy (8bit):4.822722121007662
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaiQ3JFbt8z2rozak8PjfcxfkPb:nd5CB7fdpF6Nl3vp220zanbAf+
                                                                                                                                                                                                          MD5:919BE776133310D6C9EFC17B64F7BF39
                                                                                                                                                                                                          SHA1:3038245521C3059E1A092C54F327F3EF8D023E62
                                                                                                                                                                                                          SHA-256:CABAD8F6559EF0A38D87A5C7BF8504C3448B8364FCBB8CA4810198D34E74FF94
                                                                                                                                                                                                          SHA-512:66D0907A356535CB14CBE7171EF87F24DD81F5472CDEAA63F8D44639F1C0DFD134B05A227814842E2D419C84EF0FFA59B1814DEEAB703F5D4389E946C9CF2DC6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3234
                                                                                                                                                                                                          Entropy (8bit):4.831819684485204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaFQ3JFbtoMJA10J4i0xeskxICUlLQ:nd5CB7fdpF6N+3vpoMNRgWpD
                                                                                                                                                                                                          MD5:47B37B8CAFC071F3782645DEE264A0F0
                                                                                                                                                                                                          SHA1:B7E8D3D5557BCA1095609CBB154F72E6123B2D7F
                                                                                                                                                                                                          SHA-256:D045CAC3BB3EB18F555C1BA2E18DB8D29F0BA0618E1C031E430D4E0FEB3225C4
                                                                                                                                                                                                          SHA-512:8F4C9D1FD7D5EDAC9463D1D6F2290DFD07DABAE1D91239F4391F9B94F559D6E43F891424C861E7BC135544FE32EE9FA01E4F73CFA443566DE94B2D593FA808BA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4189
                                                                                                                                                                                                          Entropy (8bit):4.818559974021103
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGnNt3vpoM2VSickXx2MIb+n:nd0BhpkJ2V5xvBn
                                                                                                                                                                                                          MD5:F04B8D57B0CF35179A39A63C3B498BF3
                                                                                                                                                                                                          SHA1:5B013B2BECDFC98DD6DED7BB61E75E03389EA954
                                                                                                                                                                                                          SHA-256:A8A0C6E167CA215BACCAD9E343D11A2F259909C88E3B1DC88ADC8B0629D5261B
                                                                                                                                                                                                          SHA-512:ACF92D3FFB610B78839A0A7302761734630286A702CA98AAB32132CCEAD81268AB1595D52D73627DCC5D0024A9372F4AD44C316D600E879032F5EC58734475AC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3462
                                                                                                                                                                                                          Entropy (8bit):4.757964754620368
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OifSiK3Iyrr8NL6uryAsLNb:nd5CB7fdpF4f2VrINz2As9
                                                                                                                                                                                                          MD5:4E23BD6C4A28E57D4314EEC0C105BEBC
                                                                                                                                                                                                          SHA1:5355E64D346609C314E6BC31991F920C72C5F160
                                                                                                                                                                                                          SHA-256:E44305CC55790361E327EE9A4E03231070848B9D606F854E6A43638310AB91BF
                                                                                                                                                                                                          SHA-512:161294AD1257FF277F72C328F4C75BB9B84518861B15C51FEA2490503D88F2DB965F9C46022B5BDAD30041283A4262D36B146359931A32523AEF7E132A091067
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5735
                                                                                                                                                                                                          Entropy (8bit):4.762434213586017
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpF6F3vqStm7KqO6oLF9PxJrF9i69xttQ:nd0BhpLSEGAox9jR95Q
                                                                                                                                                                                                          MD5:D0E7BD67863F9214FC91B2DD744F5C97
                                                                                                                                                                                                          SHA1:08F3738040BD9886598E6E513CE9CBCEA5E4674F
                                                                                                                                                                                                          SHA-256:C6EE80AA856F618C3FEB777EB96C329AE7B57D2C53D990BC34548B4CEAB68C98
                                                                                                                                                                                                          SHA-512:1EE5EE2BCEDCD5431CFCF48E6396A1D317E69C0635ABED0FF43F1724659D42C4F94CFDD0E9404BE50A82C2910CA29762FB43FD734E34065D7EF92922E4C501F5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3650
                                                                                                                                                                                                          Entropy (8bit):4.756460909764809
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiCQ3JFbtBuI/kXx5gwMyUbMAx:nd5CB7fdpFGnF3vpdkXx5gQUbx
                                                                                                                                                                                                          MD5:6A1A1A3594F7FCFFCA535F343C265D07
                                                                                                                                                                                                          SHA1:A833CDCCE738182AC3F7ECF1D670BF51F7485E95
                                                                                                                                                                                                          SHA-256:4830165063CEA46830FE37DDEF5695A1372F3ADCE5B40CD97A17753904E3D091
                                                                                                                                                                                                          SHA-512:C068764410453E56A0B34CD4AE0EFEAE2CC1C20EC45E9A4EDBCC362545DC2AA305F14CB56078893D2FB8B3E9228FCE194604B76F4E080064A3E0E0E17A8C30FA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3798
                                                                                                                                                                                                          Entropy (8bit):4.833929967744693
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9isQ3JFbtbSQuWfEJBNvjiykDPxEXi4PxZ:nd5CB7fdpF6f3vpb1uxlKPai4Pb
                                                                                                                                                                                                          MD5:A3E3A50AB10788C00A13998D8B60084C
                                                                                                                                                                                                          SHA1:C27B825B3144D8C9659F604EB4C54610029CF775
                                                                                                                                                                                                          SHA-256:D3A2C52A2B4E31C545EABE98223ABB046A420B46FB933FFAC4785014D3BAF58D
                                                                                                                                                                                                          SHA-512:174A1C30FCBD50DB8261C38FEF4846D02DEA363BFE69EC2D1C42AA1E35086BA4F30191BF3706B92997D6907A93A89598A88D1D45EF850AD85853ABA525FCDDED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3070
                                                                                                                                                                                                          Entropy (8bit):4.707917185138538
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9isDQ3JFbtSTBNxickzXE8aXH:nd5CB7fdpF6D3vpS1KzaX
                                                                                                                                                                                                          MD5:D80721F83A475CA172D3AB390278D683
                                                                                                                                                                                                          SHA1:E8E32AEAA1EA069BB01CFD814A2EE10BC9FFAE00
                                                                                                                                                                                                          SHA-256:31409DC791AB9690F9ACB1C5581C9EAA60187C12169A249030EC0A22D07ADD69
                                                                                                                                                                                                          SHA-512:989ABBAC2BAFC6853408D6566DE2E6B83D3FDB0F3BAD5D974A4C36E06E03B590C611C8E9610935E1DFFA285D20C426E4C140EF9B07E299371D43C6049A3EC157
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4658
                                                                                                                                                                                                          Entropy (8bit):4.799331765263338
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ifQ3JFEITdd86EAwWKm6EAm2FLF9d6oAF9miwx:nd5CB7fdpF6o3vjZ2t6oLF9IXF9mi0
                                                                                                                                                                                                          MD5:A483F67E851CFE81A3BB3288E11D6D77
                                                                                                                                                                                                          SHA1:116ABD889A39EDF699A2C4B68CE6D4B88EBC003C
                                                                                                                                                                                                          SHA-256:4E25E9C7BF52800675D934BB24B5F2BBC7BEE91F0B139CAE6F934D453E354EA7
                                                                                                                                                                                                          SHA-512:DC7E84A05EC92731C78F807125D95314E73D535D9A0C114BFF6581C141CAD807B91C46AA4896CAC7E5F5580BA3B96FB0EBD48D57A378CADC0697151F6CFCCC96
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6648
                                                                                                                                                                                                          Entropy (8bit):4.72624143810639
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGnh63v5MRkq3JCjKB+bCSQOQ/ra:nd0BhpXhQCQWa+
                                                                                                                                                                                                          MD5:71AD2135502E88D66B0781143923CAC6
                                                                                                                                                                                                          SHA1:99EEF2C55E9F4A6171605656D28EB390094E1497
                                                                                                                                                                                                          SHA-256:44B096B4415E7CB19082F58086E0F5E1726694F206A4364872A3C360953D7052
                                                                                                                                                                                                          SHA-512:FA45DB83E3DDEFC981B4380657B0C5709BC345D859449BC264F1DE9FF789029D82912BD5C6F69D0392A9A98000FD428508139D064EE2C3F44F33ED134098F296
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2682
                                                                                                                                                                                                          Entropy (8bit):4.878133413550622
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:M55H6E+iCsAaKj7fOWIkFy9LixvRQqJFbtyz6t1:U5CB7fdpFiqvpy23
                                                                                                                                                                                                          MD5:3ACBE1D1CE8AB0CC2BD7823FDFA4A2FB
                                                                                                                                                                                                          SHA1:4BAAD0103B2EFDAEF9FB1C2B7FD742A2E9DFFD32
                                                                                                                                                                                                          SHA-256:B05DA2F982432D6BEE7604DD04E0E8FF5D5CD160E4156A71C27AB7F1D7FC619F
                                                                                                                                                                                                          SHA-512:E3EBACBE12013E6A690E6E9DAFEB09E43F276F1C9648CD125F8A68552B84CEEAE47ED727AD16603178B0F7477B03236AFC96E811CC33B206EE114C46FA350BE7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2018 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3388
                                                                                                                                                                                                          Entropy (8bit):4.8990700467566635
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ijQQLet9LGtDFLfCtP:nd5CB7fdpF6sQLet9LGtDFLfCtP
                                                                                                                                                                                                          MD5:0845F8209BAC4A8AD3409DBDA985AE6B
                                                                                                                                                                                                          SHA1:F143660B4B9FC3E107D798121A995038585ADBE2
                                                                                                                                                                                                          SHA-256:1FB2C1779F30B431D2BFF35948DB799AB409528F39742F2325BF5601E5EDB7EC
                                                                                                                                                                                                          SHA-512:01FD4E84AB2353936220F36F3A80A8A5323DD5D108F9F3985384B495CC9947A33875D2604ABD4406944FEFB1A8F0F3B43E9606DA25200F3D3BB13C506D5C85FF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3841
                                                                                                                                                                                                          Entropy (8bit):4.788731261366922
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhginQ3JFbtoM2LuJkXx2MCblE7OG:nd5CB7fdpFGnQ3vpoM2ukXx2MCbW7OG
                                                                                                                                                                                                          MD5:E2799AB66803065646838BF4B6059F9A
                                                                                                                                                                                                          SHA1:E2B4F672B00CEB5F9A87056DED3308755AAB1C81
                                                                                                                                                                                                          SHA-256:A1845B21F9FB5163E00DBE0C2EB6761930DC15CBD04D29C624FD0774849A81BE
                                                                                                                                                                                                          SHA-512:6BCE7B2B1CBE8F4BDE8A68A88725091ABC713A32566112598B5ED2418F8CEFAEA4B20E0BAA8CB154D0CA31B14B336AB5027775E5ECAD483944D8E8A62589ABC7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3230
                                                                                                                                                                                                          Entropy (8bit):4.8302682043142635
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaiQ3JFbtoMwx10J4i0xeskxICUlLQ:nd5CB7fdpF6Nl3vpoM/RgWpD
                                                                                                                                                                                                          MD5:415BC326337D27F9C84C6AF2FE9534A0
                                                                                                                                                                                                          SHA1:906D3DCC493BA53667351492BFFFF80D88450884
                                                                                                                                                                                                          SHA-256:41D3A1564F0DF044A541CBCF96CCE0404C6909B198C18B5F7A6B079E766EDBCB
                                                                                                                                                                                                          SHA-512:61F8B564366EF1A123940BB529B606CBA093DB2C811BE4C2D141BECDACC1B7B1FB9AE00BB825B4CBAF6BA844F7C2B4746D041555DDB8547248E3528C7B4C33EF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4191
                                                                                                                                                                                                          Entropy (8bit):4.818843049822159
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFGnNu3vpoM2ASickXx2MIb+n:nd0Bhp3J2A5xvBn
                                                                                                                                                                                                          MD5:00A6BFFB5C8E7EF66140ECA140CF41FC
                                                                                                                                                                                                          SHA1:6112AFF0672F25CC5261189241E1856206687F11
                                                                                                                                                                                                          SHA-256:6183952A78E9513F90343244FF7FB94ED71FC24329533FBCF983F13A73805E0B
                                                                                                                                                                                                          SHA-512:B5360F9C7C4647EE00A5EE660F98E04DB5F6EF889BA6E689F40DA77B412EED93D9B8FF213DBC2E4EBA1CD1F1B8A173A3B2D47F67BE137E3F912DD6D3A52D8289
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3749
                                                                                                                                                                                                          Entropy (8bit):4.773499896099176
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9i5b76uiN73cfWyTnTY:nd5CB7fdpF65b7EM/jTY
                                                                                                                                                                                                          MD5:408ABDB483638C73F45F54B8DFB8750A
                                                                                                                                                                                                          SHA1:EBEBA2A6A99A038B96B2559679D42757E9DEC6CF
                                                                                                                                                                                                          SHA-256:B43EDACFBC91550236975CE77CE1EC7F0A611E4399C642284BBBC43419E24322
                                                                                                                                                                                                          SHA-512:421D68BD795D2958A72E2DF19F9173C83D6657EE256DEC1DBC9B84558AF55A46E0C4695DD43CB91BA797E59A86F09A0086E4AD9A387A26BD8695577785132356
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2859
                                                                                                                                                                                                          Entropy (8bit):4.856566390652683
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9imQ3JFw0mwlc0jisC:nd5CB7fdpF6p3v5mNHP
                                                                                                                                                                                                          MD5:92413583ABC598468E5A08F8743591EB
                                                                                                                                                                                                          SHA1:DE75EB1671C40C4D6C1076F227E9D67CE9553062
                                                                                                                                                                                                          SHA-256:2ED1060C8E0886E36EF63B9F3A401D75E97EF54C16F2A9F3B2DD8463D013A014
                                                                                                                                                                                                          SHA-512:F4E5799F9B6CB00C8CD516BD5F6762784910C9DA5858BA17AECD21D964E0BE0EEEA6C5679889567E6612D7A39852736D859176431B00981A88824F2B2699F885
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3082
                                                                                                                                                                                                          Entropy (8bit):4.806664956509386
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mhgi5Q3JFbtPumkXxL:nd5CB7fdpFGnS3vplkXxL
                                                                                                                                                                                                          MD5:F935656067114BEBE3FBB5E1B060CB36
                                                                                                                                                                                                          SHA1:316C55985EE466FD2CD2E6AB1EE7A99BD4B58EC8
                                                                                                                                                                                                          SHA-256:13C688005A1D38A943E4C971814067E388F5288F1EAF253244EE444E4456F967
                                                                                                                                                                                                          SHA-512:673BFE928F2EDF0F0F7B1504E1CCF6B52CE120F17029FFDCB923A57439DE05D97DD39D87A8EE7C73EDAA48175B6877A9C68F9A4F6DF8A34566F299BF24C70EEE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4336
                                                                                                                                                                                                          Entropy (8bit):4.801117075800774
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mhgi4Q3JgZLzA9Cd7ryljygyy/PCyQMYN6b:nd5CB7fdpFGnr3ONsyaluyQra
                                                                                                                                                                                                          MD5:1E396B6F1AE7085E3C629914AE18CD21
                                                                                                                                                                                                          SHA1:18039DD354BAE88FB0993F72BB1F4F61540BA30D
                                                                                                                                                                                                          SHA-256:541E88FA989E7D56961E7969645E4DA4004BAB7342D9BE5A53452C716B05381A
                                                                                                                                                                                                          SHA-512:D503732EE4CE3C9E72F3636D988B68A47DC33553B15F00EB87C49683A40F9F77F1346FBB30035585FC45389308BDDEA9EE24216550A34CA6134565F52A234E9B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4319
                                                                                                                                                                                                          Entropy (8bit):4.824043771387485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgizQ3Tw/nP0p9Cd7rS+jygyy/PCyQMYN6b:nd5CB7fdpFGn83TcszyDuyQra
                                                                                                                                                                                                          MD5:9B0751751CBDC555F47E3286BBB77953
                                                                                                                                                                                                          SHA1:8CDFC51C00A7A8DAC5A636ACD0C409BC194CB337
                                                                                                                                                                                                          SHA-256:BC9BE32033EC2EF5C9FF140D7F21D12B293557DF6FD285CF467E7AD895D20E53
                                                                                                                                                                                                          SHA-512:2FA7A0DC1657F24081A34864A71041F5C4582D9B54A69601A0B9269A6DC0C45D84FD66A1FC62A37EC58BAECEF7D142CE970BBF42912970F1D93016352E034C65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2359
                                                                                                                                                                                                          Entropy (8bit):4.849036051905213
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iVQ3JFw0nkH8Nb:nd5CB7fdpF6O3v5nbp
                                                                                                                                                                                                          MD5:AE20FD05FA8EB6037E6FEEED24254E4B
                                                                                                                                                                                                          SHA1:74D9C01353EA4B8A14FB93B16D1B2E7CB31BB4EE
                                                                                                                                                                                                          SHA-256:31519E86E9522627C42B95685226213CED9EC312997A00D5529847009E0E6789
                                                                                                                                                                                                          SHA-512:20275BE170D8B61383146C0CE15E0376736941178662D499AAA26EC97F58E8C488C6393A13F82BD15128DB32480363B4ED3C9096AF97FE7E4CAFF52163420F2F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3315
                                                                                                                                                                                                          Entropy (8bit):4.835599944070907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiAQ3JFbt7uI/kXx5ykHYwrbix:nd5CB7fdpFGnT3vpfkXx5yNgbO
                                                                                                                                                                                                          MD5:77E3A69CA01C54E4424820D937D014DA
                                                                                                                                                                                                          SHA1:FF23A5190097D083DEDFB5F8215A3DCE8FB7699A
                                                                                                                                                                                                          SHA-256:EB353F7EFCB8C77E1ED23EA612FEC9F394D495D5DA4BE3A851CFF9B22072C239
                                                                                                                                                                                                          SHA-512:1DCF1DE5A7A70B0519BA0E6F1B8631BDF5D1BC168703454AF9D0365ECF05527F9B3156420D471DC59233E5ED5E15AB863B594FBE29768CD39A1A44503F90925C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2564
                                                                                                                                                                                                          Entropy (8bit):4.855878718510748
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iDDQ3JFbtS6uSb:nd5CB7fdpF6w3vpSDS
                                                                                                                                                                                                          MD5:96D4B0987608270E92965C2FCB1246D6
                                                                                                                                                                                                          SHA1:0D889A38EB375B90F2DFAC4FCD41DC09F1FDA92B
                                                                                                                                                                                                          SHA-256:42FB514CD92C9C87A80EDE4BD648758CF54F74CC05D3338AB76326FBC4D09A1F
                                                                                                                                                                                                          SHA-512:39597673F408F531E4A6812A9E794D233A398206826B6B450C5E18977852AD35C548941D6671C56AD32EB7398A4863CF54A13B74CF90343A168A3EB3265F6A38
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2919
                                                                                                                                                                                                          Entropy (8bit):4.873465289167498
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ilQ3owJFw0jWrOaFD:nd5CB7fdpF6e35v5jq
                                                                                                                                                                                                          MD5:6B7AFC1DB3A32DB1541023A199F64909
                                                                                                                                                                                                          SHA1:F80875DD56C24CF6EEE538C0AEC0171BF08BC28C
                                                                                                                                                                                                          SHA-256:8C3F4A1AD480B81934A91171C67D61651F39C87FDFFEF348045D492E6EAD32B6
                                                                                                                                                                                                          SHA-512:92024C59DDE029A5B4F1707F0310638CFC6E110E05E8A13A2623D0933FB7E2797326129B22F9171500E804E3EBBECC1B8D7BDD3737E5C3DFDFDEB143549CDB94
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3319
                                                                                                                                                                                                          Entropy (8bit):4.8279801671890015
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igMhtQ3JFI4Ctf/KeGlZusHPwLA:nd5CB7fdpF6xG3vInyrwE
                                                                                                                                                                                                          MD5:2A009241245A2ECF132569C737FFEC1F
                                                                                                                                                                                                          SHA1:225D896E1FC4D7BE40B5E7C16AE7E6E8E095DF18
                                                                                                                                                                                                          SHA-256:3B17958A4ADDBD57365B0EE41ADD4F3F80F1CEB35C9E8FF1268E706B7AEE6AD9
                                                                                                                                                                                                          SHA-512:DE81361CB3C1C5713F2627CBD005AD38C1C543DA36716B6E27FE08A8C21FA8E7E2D68C94C991EFBFEFC0CBCF07C9EDCA604211F0D8543FD1E2EEDFFF6372FA2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2996
                                                                                                                                                                                                          Entropy (8bit):4.822220527499383
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lvx8cIQ3rNqYJaFbbUWlF:L5CB7fdpFG3BqY8b1
                                                                                                                                                                                                          MD5:B6908BB475283A82C04F52B8C3584B8A
                                                                                                                                                                                                          SHA1:9DE2170C912B514B5ED1F7EC697EC141799FDEFA
                                                                                                                                                                                                          SHA-256:FEBA09AC8F1B9CBDA59D0EAC4AB68446414C0720A6FEE19351FE1CA1A12612E0
                                                                                                                                                                                                          SHA-512:E9FAA144238C42A583435D5B69DD9D1FBBF6578E0B4229B1312995183B8F0261435605793BFF3B41BBA423CF390116CA275F7FCBEBEDDAF62FFC066572EC8C80
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13897
                                                                                                                                                                                                          Entropy (8bit):4.371650370083731
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:X+f/XO0eXiqegTmSc4EhouBsDTl6tlK9jFoY3D3yEbfbiseVpTHD3aIq9EgJLeJo:nEssKhFv
                                                                                                                                                                                                          MD5:1AD125081A90751A1B242718BC778618
                                                                                                                                                                                                          SHA1:28A24F7233FCBC29E7C4F3101E617610AC099756
                                                                                                                                                                                                          SHA-256:3422578EFD36D424686F0FEA58A6DB6E2BE606DEB4CA3584143ECD23D9399516
                                                                                                                                                                                                          SHA-512:680D8C1254335434960EDADA3760D65DBFCB94F0F1815FB7C432CE0E757A89329A2BB4D0C21D8E66ECC184DA737433B73ECC2CED12E8B2CD3261EE44717CEF6F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Controls.Universal 2.15'....Module {.. dependencies: ["QtQuick.Controls 2.0"].. Component { name: "QQuickAttachedObject"; prototype: "QObject" }.. Component {.. name: "QQuickItem".. defaultProperty: "data".. prototype: "QObject".. Enum {.. name: "Flags".. values: {.. "ItemClipsChildrenToShape": 1,.. "ItemAcceptsInputMethod": 2,.. "ItemIsFocusScope": 4,.. "ItemHasContents": 8,.. "ItemAcceptsDrops": 16.. }.. }.. Enum {.. name: "TransformOrigin".. values: {.. "TopLeft": 0,.. "Top": 1,.. "TopRight": 2,..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):158
                                                                                                                                                                                                          Entropy (8bit):4.58971464637918
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BV9NKH4TAXDJoNMURCNC4MXWEJWiwhvyWmopCxKbbJ26akyxRS9NKSvn:xVfW4TAXVoNMU74MXWgWiw58oIst2J58
                                                                                                                                                                                                          MD5:62CA2AD26A8B534945019A03A4C386F8
                                                                                                                                                                                                          SHA1:FDD59AEF9ABE3682A09152FD8C0B5C7A7691E5FB
                                                                                                                                                                                                          SHA-256:1150344EDEB157FAA029A8D93A79B6C6D80E97B492D67F1AB636EFB156E7B19D
                                                                                                                                                                                                          SHA-512:04D4DFABC37079461913B845CE43CC6358E23CCF1A19AC97477143554179B05249C636584CB03CE2B5F5903E309D98E7C5CA3CA651FDBB369362ADA8393F4A3C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls.Universal..plugin qtquickcontrols2universalstyleplugin..classname QtQuickControls2UniversalStylePlugin..depends QtQuick.Controls 2.5..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):601208
                                                                                                                                                                                                          Entropy (8bit):4.759077407408473
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:m2mN9upIp/pGp8pzpLpcpopGpxpYpLpupDpwpXp+pWpupBpIpipWpPpXp3p3pIpn:9mNDEh
                                                                                                                                                                                                          MD5:AF7D96D92E26CA7E757F787B1E6048AF
                                                                                                                                                                                                          SHA1:0F0B4A76EC2E35673941D637BE19A916BAD6210C
                                                                                                                                                                                                          SHA-256:C7257EC592AB07C1BF70F627A451284DAF7E630225107F0E1F95DAE2C7888463
                                                                                                                                                                                                          SHA-512:035168E1B829DE8DEC0A7649652FE643D26A871958A0D18090E998B0884CBD47BBD6BAC69B80212CD8BF002345657C7A98B7F225A96F104C220D22DD7CBADEDE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2833
                                                                                                                                                                                                          Entropy (8bit):4.809421054317256
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lvAQ3rNqYJ3FbbUWlF:L5CB7fdpFk3BqYvb1
                                                                                                                                                                                                          MD5:F5CD8AC746B6994ED71FF8301B42A56B
                                                                                                                                                                                                          SHA1:BA037B256EE49D9FC2C30BD11CCB8A01993A38B5
                                                                                                                                                                                                          SHA-256:1D4F3F1D0DBB8CAE0D392C2556889C9639A1A51B055E47BDAABEDBD33BD4A934
                                                                                                                                                                                                          SHA-512:6B465228D5918FC4A1EB093A0896ABFBD11A57ABD2641A6F89581B063E6537F5BEC2B33084F873871026526C39741A10CE11C0F52BE80B35257EC86F7BD27E75
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4189
                                                                                                                                                                                                          Entropy (8bit):4.590051340924354
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0u7LZgzapSRSSP3+jg0cxca/edd3ExnAOY9:nd5CB7fdpFFC7La2u/+jg0Za/M3MnFY9
                                                                                                                                                                                                          MD5:A63F43FAE673A9B791CEC4ED6BBCFD3F
                                                                                                                                                                                                          SHA1:FB4E604269821F309AD5029C76027D1E0FD9B4EC
                                                                                                                                                                                                          SHA-256:8185529D14235068BCD043ADF55880DFE504CEA3387049EBEACC53DC6B050947
                                                                                                                                                                                                          SHA-512:DDD381FCD59BBEF6A90EE79F682264BB3C4E96977F7DF6AEC5A3E44E317FB97E6A5D91935E6C1D15C81A903A5B914CC374738CD2ACD98E2546CE11626821EA18
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2627
                                                                                                                                                                                                          Entropy (8bit):4.723364711234391
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuDIbtMjFLi:nd5CB7fdpFFFLuWtMjFLi
                                                                                                                                                                                                          MD5:36277E316A15296D604D0A82E0FBFB0E
                                                                                                                                                                                                          SHA1:7A2A8FF4A15037B945255612CBE461BD50E93F71
                                                                                                                                                                                                          SHA-256:A6F736C2713B08F6AAA5CB51019FBB393AC6C57B75EF5E4005D29EFF48A92A98
                                                                                                                                                                                                          SHA-512:3EAFE4467611E9FA4C89E950D77620FE4AB4801A657D8641C9E2E24C4696CD08681A8DC7952C2811FE09CE0C61EB73FCE7C2C7CDC41E3C063760D77976304E5F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3105
                                                                                                                                                                                                          Entropy (8bit):4.707682721934341
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym02AEBLJOYHtrDB39:nd5CB7fdpFF6AE0YNr939
                                                                                                                                                                                                          MD5:029323EE757A222E8DF48E7EBF04BD93
                                                                                                                                                                                                          SHA1:035A38F873407E253C4AF63A11497B8CCDF3D478
                                                                                                                                                                                                          SHA-256:1D571BABABB04CE5FE55B1D0F1DD362EACC304BDE7125DED0D218D9CE6DF03C4
                                                                                                                                                                                                          SHA-512:683E786555E4039963765306EC6BBCB319207452E912148E29FE1BA9FEA2282AF474B1ACA2366CF28F9412E8BA538BFCB8CA99314719297D0F969E12043DBF1D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2192
                                                                                                                                                                                                          Entropy (8bit):4.788553950637862
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lot5y3jFLi:nd5CB7fdpFFFLot5y3jFLi
                                                                                                                                                                                                          MD5:920C6A6B84D14E1995291B8177A1141C
                                                                                                                                                                                                          SHA1:C9AB88CC4C09EFBBBA25B63A70479D3159A837BE
                                                                                                                                                                                                          SHA-256:9CD02378488E8DDC891CBC1E7718BE197088A628D07100ED2D676B958F57B81E
                                                                                                                                                                                                          SHA-512:1FC8193CA7FBBFD005A4D8169535789086460F4F2272086FE44DA7C9E793F9E4B056A5F7D9BBB25BD818DC56A7FD96864F6EB8ABB244E5C27644FC8D9BA04C22
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2226
                                                                                                                                                                                                          Entropy (8bit):4.806035630450304
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LYsiqy3jFLi:nd5CB7fdpFFFLYsVy3jFLi
                                                                                                                                                                                                          MD5:E7BE5C88888A3B8CDD14788A9950EEAE
                                                                                                                                                                                                          SHA1:04AFEB4DA0CD3801F0F3266C442A51C9045A15BD
                                                                                                                                                                                                          SHA-256:39DC04660C2F4FC02971098B9E261A2F7123887C565F52582278DDB9B7771FBE
                                                                                                                                                                                                          SHA-512:2624E6D94F8A43CB9E59FA90CDD7BB221C0494E5D3EF1CC5006F09181A97713DD86A2C9688E956A9487280A5366867E423ED39A9B40FA6D51AAF03E271150014
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2296
                                                                                                                                                                                                          Entropy (8bit):4.795325715833799
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LYsW5y3jFLi:nd5CB7fdpFFFLYsW5y3jFLi
                                                                                                                                                                                                          MD5:F06ED234814DF3A8F4A2040A69CA258B
                                                                                                                                                                                                          SHA1:4913E605AFC2DD5C97276140CCC8581983F9AC57
                                                                                                                                                                                                          SHA-256:150FC7ADEAF4751CD91440C69E0D9671F141E5B4C439EF886DC863256241A898
                                                                                                                                                                                                          SHA-512:1161A17C7038F1527787FACE844D211226D70E16BDA1607E1F58F0C77E290184885E2DD209EE6C46F5DB9BCFEA6060E636115C702297EEF6D573DD47213F1625
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2661
                                                                                                                                                                                                          Entropy (8bit):4.738841008151935
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0QoXrEub+HY5Yz9:nd5CB7fdpFF8uXq9
                                                                                                                                                                                                          MD5:0BA3D106DE56655688B8C59D7C1A1A16
                                                                                                                                                                                                          SHA1:919D19801E710EC9222DCC79C59AF36B1B81B0A0
                                                                                                                                                                                                          SHA-256:70A6DFF9A723B4E2F312ED48F5BA8E3EC7C64252FAF4DD565359294D26A89678
                                                                                                                                                                                                          SHA-512:FCE134B09BF86FAD943230B173547AC9A029E60B60E43FFF95DD5358C2D80424131A5F1029264DFEDE432E7BC0D84A8B23195E23E06109FCC527392BC97A7777
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4090
                                                                                                                                                                                                          Entropy (8bit):4.509515420842468
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuUE4DeaHjp2bU9ygOtrWp/LweMjFLi:nd5CB7fdpFFFLu6Dlj8bFgwrULDMjFLi
                                                                                                                                                                                                          MD5:CC5D05E0AE46BE8C3CD68C05B0D90A9C
                                                                                                                                                                                                          SHA1:CAC3FF7D53A5C59D60E58E2A6468A32B8BB435F6
                                                                                                                                                                                                          SHA-256:7B4A6BA8F165CEAD72123F9BC3EC1A52CACBABFC87066BF352CF2330AC54FA37
                                                                                                                                                                                                          SHA-512:BA61CADB7E22AC5C77DB201CBF71DC9F2A2FBCF47568DC4B54247A00F1B3109EE95839B80FACFA732568F7C142FE8007EF79B1D63E0697575FDA88D396851570
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2336
                                                                                                                                                                                                          Entropy (8bit):4.7901862758502345
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0ZqHTJmr9:nd5CB7fdpFF8Tsr9
                                                                                                                                                                                                          MD5:9780B490F860F1A42730957553F0E005
                                                                                                                                                                                                          SHA1:E7E9F3F698B9E5D6693DEF15A4AD8C15CE6591F2
                                                                                                                                                                                                          SHA-256:FD19D8ED1D61F83D67FC363C2E28A76372CDD4D88CF9A90EBB2F74D5E5FD09A2
                                                                                                                                                                                                          SHA-512:69178CAC56FC5F7A407B87A0455506AC8F331903B36864AC085F02EF5E2349261F69EEFEE634EFFB0F3BA1E4A63139195A6B90F41D5DCC8CBEB725EB6CFB5B01
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):4.629906109492094
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0IzBv3TsX2abpCx3beJYTqHTJea7BNW3wT9:nd5CB7fdpFFOvfkpM3beJTTMa7aM9
                                                                                                                                                                                                          MD5:AAC3BEB69F29E994CCBB7D2C5CE534E7
                                                                                                                                                                                                          SHA1:115B2613F5726127111AA9CC90EA81904803ACD3
                                                                                                                                                                                                          SHA-256:035B175029DA2D72694B2E7A0A6D13F63C73D6AEC9AB614F9C97FAC2A66CF53A
                                                                                                                                                                                                          SHA-512:D30E177EE91A1D336AC5FEC2AE345D8D3180BA8FEE0315C107750CDB5A06EFB9C28DC8C52AC652555530A71B77E148B0CDDD8D446FDE4C3EB5D729E4EC49190B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2066
                                                                                                                                                                                                          Entropy (8bit):4.797894120379283
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L3jFLi:nd5CB7fdpFFFL3jFLi
                                                                                                                                                                                                          MD5:B450EBA19443A3DF0571977CEAF495D8
                                                                                                                                                                                                          SHA1:B35B0C22629222F33BDA33156C178AF505808906
                                                                                                                                                                                                          SHA-256:34F14E5B36DE01740DC8A7C571FF8CE65BCEB7FC4C26F906E10C08773B644AE6
                                                                                                                                                                                                          SHA-512:CD145A9FA4ECDDC55F133A64FD693EADF2CE3C22AF599585E9B0B350827AE9309F9345C79756DA2F0CA9230B62085863924B5AF4D9417DFBF5C30F124C3354DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2736
                                                                                                                                                                                                          Entropy (8bit):4.684553443125928
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuhZNaH/NPwy3jFLi:nd5CB7fdpFFFLucBwy3jFLi
                                                                                                                                                                                                          MD5:CA6FBCA4034AB0C1FC8D58C50AA2E3CF
                                                                                                                                                                                                          SHA1:3F15AD98B82F88ED01656C1AA337492AF5A6A338
                                                                                                                                                                                                          SHA-256:CE45196E4B042826A80FE153EDC7ED6796D19915DDA1B91C82CDED33184E1204
                                                                                                                                                                                                          SHA-512:2CFA38A0E3939711A9024192C77FE1E087A368359945128B2DAE86D048A3746A7492E0B66171067C09B53F4640237791C2E99461066745918F0B14EA688A7820
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5553
                                                                                                                                                                                                          Entropy (8bit):4.313373780789749
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFFFLu/chFKjs0jj5Ujv9DuWj4Z6MjFLi:nd0BhpnphFTAq9Drj4Z6z
                                                                                                                                                                                                          MD5:5BE0C7FA4F12F0CD8E7BE7B30D6A4C31
                                                                                                                                                                                                          SHA1:D9CEDD7E15A42895388FF05C95ECB9C1EC2C8E39
                                                                                                                                                                                                          SHA-256:E393F05D340D5A3DEE3B1D72FA8D2436FE6A22C55F84E7033EFD41B12A2EFA00
                                                                                                                                                                                                          SHA-512:19FF325A2A1E38E69EB71F65147C6C07A580731B1D6F951B00888A1540343527B550C0AE9B1C95845F1C86054821E9271D7BFAD5642DBAEAE3371A3D0BB5C26C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2123
                                                                                                                                                                                                          Entropy (8bit):4.790296350072608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LZy3jFLi:nd5CB7fdpFFFLZy3jFLi
                                                                                                                                                                                                          MD5:C24D49381CF8B3E6098FDA1C27527E56
                                                                                                                                                                                                          SHA1:4C78067E28C7FC742C52461585EDF9113483E5D0
                                                                                                                                                                                                          SHA-256:B3BA820FF86BF5EDE7116543342393AB2279C2DEB37C23CE3D240A1F114F16EF
                                                                                                                                                                                                          SHA-512:89022C8518525601024B6C63CA425FAE6F0010D1A167FF7EEF6B7526F6AC634C856811B43D18E0555821F1286895A44F1D7DBA6FC26AB58A50E15FE1FFF64308
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2579
                                                                                                                                                                                                          Entropy (8bit):4.710846092907281
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lu99My3jFLi:nd5CB7fdpFFFLuvMy3jFLi
                                                                                                                                                                                                          MD5:977771B918B7ECD33A6F9E5873372BBF
                                                                                                                                                                                                          SHA1:3B2C4E8CC47B061A566AFCFF3B7F59535D439275
                                                                                                                                                                                                          SHA-256:DEDBD77A8B002762B5A5AEB65E369CF7DAA9767FE68360D5F8654CC60562FD45
                                                                                                                                                                                                          SHA-512:148CD83B7C63E9ED80E598ED58B1EFD7F66A3BE562422B59EDE0E91043974F9D53FF0FE0EC61DF7B3BFEF439398ED618552016275A6326A9C9596B70DD1DE80E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2321
                                                                                                                                                                                                          Entropy (8bit):4.79619373368411
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym02AWB39:nd5CB7fdpFF6AC39
                                                                                                                                                                                                          MD5:A82851C44140F5CAF39AC21DBBC7AEB3
                                                                                                                                                                                                          SHA1:A3D673235E30071D0ED23BE75008D76F6BF6B399
                                                                                                                                                                                                          SHA-256:18DA14C91C710F8CFA69C676103D2621CD7E0FBA23C75BF640E1ED377EE8BA31
                                                                                                                                                                                                          SHA-512:55BDF1DA7EFA1879FFDE53FF2275026ED45B6CFF7FED8191143C15ACDB86AA0727FDD9B909035E420E66775D1EDA22463A31183AC9C527B35BE2D1D7D66063B2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2198
                                                                                                                                                                                                          Entropy (8bit):4.789736142433364
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jFLi:nd5CB7fdpFFFLq5y3jFLi
                                                                                                                                                                                                          MD5:DF7E32B0E18BD35FA8453CB1263886B9
                                                                                                                                                                                                          SHA1:F4336C9380A7FBEE4DFBC17C545B409364F7F8B3
                                                                                                                                                                                                          SHA-256:8207C603C9DE51D9954302DD9DF559A1DF70E0A9658AF62637229B5A2437EEC3
                                                                                                                                                                                                          SHA-512:21D4E9B1D71C5EA9C7C66E5BACEAD5D4857AC109F7452D81C6D793F8843DD1D6F9194011E41259CDB9E3FAECC04675A1433A2DFCBF0B758FF97CBD068FD95732
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2765
                                                                                                                                                                                                          Entropy (8bit):4.763525400412589
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LQq7RHw0XTMwNBSXTMg9kaLi:nd5CB7fdpFFFLQq7RQgTMaUTMaLi
                                                                                                                                                                                                          MD5:694FAB78BEFDB14F35041554D48137A5
                                                                                                                                                                                                          SHA1:5B97BB7DECAD79665F84CF134EC095789E2BCE85
                                                                                                                                                                                                          SHA-256:96ADEC8E69C1F604606A94731F54F0596CD3CD9DABA606BEF7D9188D5C6BFDEC
                                                                                                                                                                                                          SHA-512:99A856097295ABED2DFB28ED8D9301B2ED9DBB8E6590B92E40CCC8C0AB25485EA27E6352CBF0F98C8C830888B6E7864A55442505E46C344E1B43D3BE9C6A2A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3681
                                                                                                                                                                                                          Entropy (8bit):4.600699886807315
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0oAsTqHTJvdADYTqHTJl9ZTqHTJcqXOTqHTJPp:nd5CB7fdpFFdvTFCDTT394T2qJTVr9
                                                                                                                                                                                                          MD5:C430765B66BE6227979D4BFC4E13486A
                                                                                                                                                                                                          SHA1:294F8E24765F9766AEA812FFD033072629F1C6EA
                                                                                                                                                                                                          SHA-256:BED58EBA4585F280EFBD5869DC4730BDBC46863D392DBCBE6EE3241AF08609EC
                                                                                                                                                                                                          SHA-512:9663030B63C24B3A91A7E496FB4366BC183FFC2CC09AC956B873A5874231C15C988F773E8F799008152D1552553C67AF4D195959B7A6124048F61E90A81A9615
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3102
                                                                                                                                                                                                          Entropy (8bit):4.607400853139826
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuJ0aHjpAOaHjp2bMjFLi:nd5CB7fdpFFFLutjSVj8bMjFLi
                                                                                                                                                                                                          MD5:FD043C79B423BBC94EFD52C4BB1B36E1
                                                                                                                                                                                                          SHA1:F9A9715BA6880028CA0427507F8C2DF383B0B476
                                                                                                                                                                                                          SHA-256:0A069EE94955D20611B5B869F5DB9C96E98E1447E96C5C975021720183A5D61C
                                                                                                                                                                                                          SHA-512:BC4BDC6982F3F677BA84BA51B867D3A291C204A3ACBB5913B351574F5B59D5F3629014A22E51C01B6ACBA333CD0A9442A2AC714D21D24AD2B57A39915451A3BD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3512
                                                                                                                                                                                                          Entropy (8bit):4.536455819119471
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuU9cvaHjpEuaHjpj5MjFLi:nd5CB7fdpFFFLuQcqjy1jp5MjFLi
                                                                                                                                                                                                          MD5:F28678714CF8AC3FE1D3DF5790A849B4
                                                                                                                                                                                                          SHA1:57D7DB50C11255DE0861F8B086D0B1125D4A8A98
                                                                                                                                                                                                          SHA-256:3A2D06290528BD90BBFEE7E532277543340BC33741970BE1F0CD7B743F62F60D
                                                                                                                                                                                                          SHA-512:AE1082E8B797592ACFDD4B938F143D2C31728F462CC1ED50F6F7D38C1E517D6E74F2DA3CADBCC55BC48A38685ADC1F036E662C78CD01C1416BC11FFAC91309DA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2819
                                                                                                                                                                                                          Entropy (8bit):4.72358971509432
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym08fqHTJ0eqHTJTp9:nd5CB7fdpFFIKTClTZp9
                                                                                                                                                                                                          MD5:CD9A097C784EC8FC092609C354D93AD4
                                                                                                                                                                                                          SHA1:1496DEFA81A88DFF13AC4534549F30E0A65A2F41
                                                                                                                                                                                                          SHA-256:A10517398E8DC800A587D94BF8658C0580A99115800E7EB8D6DAF8B0D9C59887
                                                                                                                                                                                                          SHA-512:FC8BE8FD0D8570F01AD314FD4BF6C6D3418F1045384578E60A89F05DB6C583C7DFAE47C0F0AC32C9708F62E8AA0DF718634D6A9A717F2254E1A1E839C1961462
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2123
                                                                                                                                                                                                          Entropy (8bit):4.790296350072608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LZy3jFLi:nd5CB7fdpFFFLZy3jFLi
                                                                                                                                                                                                          MD5:C24D49381CF8B3E6098FDA1C27527E56
                                                                                                                                                                                                          SHA1:4C78067E28C7FC742C52461585EDF9113483E5D0
                                                                                                                                                                                                          SHA-256:B3BA820FF86BF5EDE7116543342393AB2279C2DEB37C23CE3D240A1F114F16EF
                                                                                                                                                                                                          SHA-512:89022C8518525601024B6C63CA425FAE6F0010D1A167FF7EEF6B7526F6AC634C856811B43D18E0555821F1286895A44F1D7DBA6FC26AB58A50E15FE1FFF64308
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4195
                                                                                                                                                                                                          Entropy (8bit):4.466402741760662
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFFFLuqvWiiwGgchFwjsmjj5MjFLi:nd0Bhpn65hFV2z
                                                                                                                                                                                                          MD5:4DF82CF68626823EB6BB0313B2E8BB65
                                                                                                                                                                                                          SHA1:8E27BA0590C8C879675400C7C534836DE25FF029
                                                                                                                                                                                                          SHA-256:94DAB06A5B0FD568E5B9E622A9CCB72607D371D1849970DD6DBAE3355D1D3712
                                                                                                                                                                                                          SHA-512:03F9A3F45E818199FC211FC3C260352237E99310966E10644D273EFFA8B08DD1F56DD20C331172733114E087AF42712087BA092638AE3538FAEB119ED1FBE345
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2133
                                                                                                                                                                                                          Entropy (8bit):4.795371325434706
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L5y3jFLi:nd5CB7fdpFFFL5y3jFLi
                                                                                                                                                                                                          MD5:95806D0BFADF617CDB91B9BAACAB5429
                                                                                                                                                                                                          SHA1:2102999EC25BE88F138EA7C8FBF2A1BF4454C766
                                                                                                                                                                                                          SHA-256:07911DFF4B3128DE29FB83223A78878F9E972F35A596429861C7EA7956923B2D
                                                                                                                                                                                                          SHA-512:00D3B1DD1D764859249A5997EC4B2EC68FDF7C245A3AD4276A81370B2F43090F41D32DE48D94307703436E661EBAF64FF96332F109B0E611B74521F28C8F8004
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2198
                                                                                                                                                                                                          Entropy (8bit):4.789736142433364
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jFLi:nd5CB7fdpFFFLq5y3jFLi
                                                                                                                                                                                                          MD5:DF7E32B0E18BD35FA8453CB1263886B9
                                                                                                                                                                                                          SHA1:F4336C9380A7FBEE4DFBC17C545B409364F7F8B3
                                                                                                                                                                                                          SHA-256:8207C603C9DE51D9954302DD9DF559A1DF70E0A9658AF62637229B5A2437EEC3
                                                                                                                                                                                                          SHA-512:21D4E9B1D71C5EA9C7C66E5BACEAD5D4857AC109F7452D81C6D793F8843DD1D6F9194011E41259CDB9E3FAECC04675A1433A2DFCBF0B758FF97CBD068FD95732
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6246
                                                                                                                                                                                                          Entropy (8bit):4.292176098194881
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFFFLuGwEhAzhFejsUjj5gjvrYZvnuWMjFLi:nd0BhpnaEhQhFHgGrYZvnrz
                                                                                                                                                                                                          MD5:07391BF9E1292ADA8FAF330A6CFA1BC8
                                                                                                                                                                                                          SHA1:8983A39BB78677BFAE16D7D58C9C9B727DEC505E
                                                                                                                                                                                                          SHA-256:20E2D4565D23C80E7760476B7E657C8AEC18D600DB571A632FE47E0F407D5B81
                                                                                                                                                                                                          SHA-512:2BA9A83118B50F58B9B10F5E59657DDA019127ED9405C694A9BAD4100280BAB580C9BF5CAD91879B3C825F7BFC909CBCBC9FC3DBD091A9DA0F9878DB42933E82
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2737
                                                                                                                                                                                                          Entropy (8bit):4.704967927107907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LgaHjpJPt5y3jFLi:nd5CB7fdpFFFLDjrPt5y3jFLi
                                                                                                                                                                                                          MD5:ADEB2F9FA0589B096AC5492DFC6B83A3
                                                                                                                                                                                                          SHA1:159B39AF374902766BC85008AAF3682A81F9F8EA
                                                                                                                                                                                                          SHA-256:43B500393DEF954156B18636236FA2877694F31A61996DDF14810D6557BD630D
                                                                                                                                                                                                          SHA-512:832858C0CFDADC4F33A6F923665A04DEFCE73CF6011B9D9D902606C30CD28E28FFC073532891A2CDEA96C61B9DBB6AE356D90B40648010C9B38FF747E7992C96
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3195
                                                                                                                                                                                                          Entropy (8bit):4.6079588592166605
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lu6vaHjpEuaHjpj5MjFLi:nd5CB7fdpFFFLu6qjy1jp5MjFLi
                                                                                                                                                                                                          MD5:85DA810CC706B345D85F9769B904D139
                                                                                                                                                                                                          SHA1:B9F641481815ADDF96554B1AD41D8788487F0CB1
                                                                                                                                                                                                          SHA-256:CFBB83DB87541E7EDFAD94BC239EBEE295C60E2E40C8FE5DB08FBD231C328BF2
                                                                                                                                                                                                          SHA-512:8D342FBC16EB30F7644F4037CE3C94C60E8AFBE2499AF779B9079E574F8A8247966E305486E138DA88496E691C17B8922E2FC0A966044F8F618356F6ABF2BC44
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5556
                                                                                                                                                                                                          Entropy (8bit):4.308086633594144
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFFFLuBchFDjsljj51jvqfHZvyuWMjFLi:nd0BhpnzhFUDdIHZvyrz
                                                                                                                                                                                                          MD5:DF8E409CF2FFF8CD3E3913EDFEFE8E85
                                                                                                                                                                                                          SHA1:C874C5A2A43AC1E24972A1F5AE43325FDBAE0A8D
                                                                                                                                                                                                          SHA-256:BDE4E19DED0005E859058F3A175282AC502AEFF7F447D5F8EBBFCA3279A54190
                                                                                                                                                                                                          SHA-512:849E7D44110F513C8C0F57B05CC032B463F1CE4FB64BB9BF6DCD2B05C4D6A5447369BCC09AA53781FC8E84EF53E957246B5F8F57C1B187B9C6F32DC7AD1721D1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4532
                                                                                                                                                                                                          Entropy (8bit):4.423438856397855
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nd5CB7fdpFFFLu7rhF/jvNj85njYCgMjFLi:nd0BhpnchFzokpz
                                                                                                                                                                                                          MD5:4F9B4277EC2184EC0F3F499DFA9964D7
                                                                                                                                                                                                          SHA1:DA294070A5B810C04513C76AB807EFDE9E702557
                                                                                                                                                                                                          SHA-256:8B7DAB8EEA8E265D0A2264489898CD0DB82FAA1AB58793DAB316E39C5CC4FE8B
                                                                                                                                                                                                          SHA-512:34C969711D253528495340E585ED967FA95ACFB62EA7CB924FC02EAED74BF177B28EC789ED91BF5B8DC5D0A29F0640DF672D6F8C836EB833B1EE2E7AFCA7266F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2066
                                                                                                                                                                                                          Entropy (8bit):4.797894120379283
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L3jFLi:nd5CB7fdpFFFL3jFLi
                                                                                                                                                                                                          MD5:B450EBA19443A3DF0571977CEAF495D8
                                                                                                                                                                                                          SHA1:B35B0C22629222F33BDA33156C178AF505808906
                                                                                                                                                                                                          SHA-256:34F14E5B36DE01740DC8A7C571FF8CE65BCEB7FC4C26F906E10C08773B644AE6
                                                                                                                                                                                                          SHA-512:CD145A9FA4ECDDC55F133A64FD693EADF2CE3C22AF599585E9B0B350827AE9309F9345C79756DA2F0CA9230B62085863924B5AF4D9417DFBF5C30F124C3354DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2198
                                                                                                                                                                                                          Entropy (8bit):4.789736142433364
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jFLi:nd5CB7fdpFFFLq5y3jFLi
                                                                                                                                                                                                          MD5:DF7E32B0E18BD35FA8453CB1263886B9
                                                                                                                                                                                                          SHA1:F4336C9380A7FBEE4DFBC17C545B409364F7F8B3
                                                                                                                                                                                                          SHA-256:8207C603C9DE51D9954302DD9DF559A1DF70E0A9658AF62637229B5A2437EEC3
                                                                                                                                                                                                          SHA-512:21D4E9B1D71C5EA9C7C66E5BACEAD5D4857AC109F7452D81C6D793F8843DD1D6F9194011E41259CDB9E3FAECC04675A1433A2DFCBF0B758FF97CBD068FD95732
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3100
                                                                                                                                                                                                          Entropy (8bit):4.6223226231291985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuGguECBCZrLMt3jFLi:nd5CB7fdpFFFLu5/CEZvMt3jFLi
                                                                                                                                                                                                          MD5:A2DF382A28EE2A85E65D72E6706BE9DD
                                                                                                                                                                                                          SHA1:8835926DC5E4491BDB5812C55B669D1BDC596DEA
                                                                                                                                                                                                          SHA-256:F0D87BE641213B0FF890C2E4069E32681A874646F3965C9C6927D32DE78335D7
                                                                                                                                                                                                          SHA-512:67B19EE99E51858D59395816A7E2433E7B0F228633C75662CE71F1B315FEA9CFC048A6220F86E740759B8A47E81883C50C7B9E98F37D81A79C7DB764AA9DAB45
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2141
                                                                                                                                                                                                          Entropy (8bit):4.797308908670296
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jLi:nd5CB7fdpFFFLq5y3jLi
                                                                                                                                                                                                          MD5:5740311FAD8393D3CD08CC7B64775779
                                                                                                                                                                                                          SHA1:29E2FEAFE34FEFFD690B8F102E87CAA9BA52E1A8
                                                                                                                                                                                                          SHA-256:45B33505F1DDBBDBE3B20D3511706ADFFE14A3A411CEAE6CBE92CCD4B73B0A66
                                                                                                                                                                                                          SHA-512:5A2E7E98FCF966F7170E13C8C505D26B402EF7653812E72DE2EF4D8B51F98DBE8F9C0FE32CC7684324F164671559801A10654C8BCBE54E7029A8864E04126479
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2133
                                                                                                                                                                                                          Entropy (8bit):4.795371325434706
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L5y3jFLi:nd5CB7fdpFFFL5y3jFLi
                                                                                                                                                                                                          MD5:95806D0BFADF617CDB91B9BAACAB5429
                                                                                                                                                                                                          SHA1:2102999EC25BE88F138EA7C8FBF2A1BF4454C766
                                                                                                                                                                                                          SHA-256:07911DFF4B3128DE29FB83223A78878F9E972F35A596429861C7EA7956923B2D
                                                                                                                                                                                                          SHA-512:00D3B1DD1D764859249A5997EC4B2EC68FDF7C245A3AD4276A81370B2F43090F41D32DE48D94307703436E661EBAF64FF96332F109B0E611B74521F28C8F8004
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3675
                                                                                                                                                                                                          Entropy (8bit):4.529921894562925
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LumN9scvaHjpEuaHjpj5Mt3jFLi:nd5CB7fdpFFFLum3scqjy1jp5Mt3jFLi
                                                                                                                                                                                                          MD5:4FD60455B2BC1F81B99ACF8A05B7CD49
                                                                                                                                                                                                          SHA1:FF39078653B3F8F1EDAF53430B2D51F3A2581EAA
                                                                                                                                                                                                          SHA-256:EEEF272650B489F44319B5490575515A98CE50AB04503402BB9BA27F5F566AD7
                                                                                                                                                                                                          SHA-512:9D7013EC552FE93C153FF6EACB01CB6BA415A5259338FE6DE4518CDAE073D60ADB3CBE577EF450F42B66D62347A95337493276DC999F11C9A4350D11B6EBFAD0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2133
                                                                                                                                                                                                          Entropy (8bit):4.795371325434706
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L5y3jFLi:nd5CB7fdpFFFL5y3jFLi
                                                                                                                                                                                                          MD5:95806D0BFADF617CDB91B9BAACAB5429
                                                                                                                                                                                                          SHA1:2102999EC25BE88F138EA7C8FBF2A1BF4454C766
                                                                                                                                                                                                          SHA-256:07911DFF4B3128DE29FB83223A78878F9E972F35A596429861C7EA7956923B2D
                                                                                                                                                                                                          SHA-512:00D3B1DD1D764859249A5997EC4B2EC68FDF7C245A3AD4276A81370B2F43090F41D32DE48D94307703436E661EBAF64FF96332F109B0E611B74521F28C8F8004
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2671
                                                                                                                                                                                                          Entropy (8bit):4.72151869806158
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuEDPg5Mq7RHw0Li:nd5CB7fdpFFFLuaPUMq7RQ0Li
                                                                                                                                                                                                          MD5:62B72DB372AF6CFEEE3985E9CD61CE6D
                                                                                                                                                                                                          SHA1:A047BDE19CBC6345BC62FFCA3EB1FCA2D2BA1576
                                                                                                                                                                                                          SHA-256:0979126C6959A3FA443DADBFAA011EE91E5B1527D43837FD75221C6170F9F090
                                                                                                                                                                                                          SHA-512:47D34ED9CF6149DCF8D7B7EE27D735C3E846B437C4EF5B230CF5C2AA9DE2751F3526009051E9E020D2E44285EE1207F69947440CF54869FF06066AB1C90E9945
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2571
                                                                                                                                                                                                          Entropy (8bit):4.72459441578105
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lu8sDPg5MFLi:nd5CB7fdpFFFLu8iPUMFLi
                                                                                                                                                                                                          MD5:317C74CCB8937A07084B708C6F2E9056
                                                                                                                                                                                                          SHA1:438F35665C83701912EFE299E2DA61C03783A5DF
                                                                                                                                                                                                          SHA-256:40CFB38FE9F3B3EBEE99CB27CC61E76BBC06CB0FE77C20BA658DEE9090805357
                                                                                                                                                                                                          SHA-512:AB681BBAD9971C794EBE389EA8E65B840C0ABDFA914F30D0B56663BD7A703F51CD0475E365276FAE4B20E4D9BEE5539004AB95E6E3F8559136FAA4E4470D09CD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2670
                                                                                                                                                                                                          Entropy (8bit):4.698654419425004
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuK97My3jFLi:nd5CB7fdpFFFLu87My3jFLi
                                                                                                                                                                                                          MD5:871BBA0EE60C356C2D7C83C9F240E957
                                                                                                                                                                                                          SHA1:EDFBA03D6D8146BFC3FF0E55DA400F06A5553D07
                                                                                                                                                                                                          SHA-256:3F0EC5B9A838CD155BA4426A7D91A9830D300BB2EC08E04685589815D7A20C1C
                                                                                                                                                                                                          SHA-512:1C9E86093A6027C28BCD94B714A7F959FC5DB3A7E289A6E55946ECB24E31D9CE8C96DC31CB5D8CCD5037CADA1BAC6F0F63250AF1FB190ADE5B2A133323B371F1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2192
                                                                                                                                                                                                          Entropy (8bit):4.788553950637862
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lot5y3jFLi:nd5CB7fdpFFFLot5y3jFLi
                                                                                                                                                                                                          MD5:920C6A6B84D14E1995291B8177A1141C
                                                                                                                                                                                                          SHA1:C9AB88CC4C09EFBBBA25B63A70479D3159A837BE
                                                                                                                                                                                                          SHA-256:9CD02378488E8DDC891CBC1E7718BE197088A628D07100ED2D676B958F57B81E
                                                                                                                                                                                                          SHA-512:1FC8193CA7FBBFD005A4D8169535789086460F4F2272086FE44DA7C9E793F9E4B056A5F7D9BBB25BD818DC56A7FD96864F6EB8ABB244E5C27644FC8D9BA04C22
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2578
                                                                                                                                                                                                          Entropy (8bit):4.712580026164849
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3510
                                                                                                                                                                                                          Entropy (8bit):4.542180543006354
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):320
                                                                                                                                                                                                          Entropy (8bit):6.143538258317517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):229
                                                                                                                                                                                                          Entropy (8bit):5.609680159962802
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):643
                                                                                                                                                                                                          Entropy (8bit):6.520420673107778
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):162
                                                                                                                                                                                                          Entropy (8bit):5.469002487170409
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):145
                                                                                                                                                                                                          Entropy (8bit):5.257752058503895
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):259
                                                                                                                                                                                                          Entropy (8bit):5.71443892677564
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):258
                                                                                                                                                                                                          Entropy (8bit):5.769852974575887
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):230
                                                                                                                                                                                                          Entropy (8bit):5.501711814905997
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPf8p8er+xDTH0+4//yQwWVkM/7Xup:6v/7rHU+4twWyo7s
                                                                                                                                                                                                          MD5:12F453D200D8710234AA4169EA478BA5
                                                                                                                                                                                                          SHA1:201E20F42C7A74A511473DDCD5E17FE72F5C1D30
                                                                                                                                                                                                          SHA-256:C79B4B9C3C7C95C8A9A7F387B7565003904AB92754D808B63B603695A7782BD1
                                                                                                                                                                                                          SHA-512:242BEF772E6F744B05124DF0C994C87F19AB0CABA8879D9408041D45E09760B025E02BD4CB0FBFE3B67C73DEF02917E507CA1BF99018B1D0B0A1FD5D3F7461B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                          Entropy (8bit):6.386123520993223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPknl8prEpejaRh6vxjTR7VSFklNZS+EO0NJCkXxNe6BVp:6v/7+8EpkanAlTpIklNZS+EhBZ
                                                                                                                                                                                                          MD5:3240EDC9A58EF6D6C06679B4763D36E1
                                                                                                                                                                                                          SHA1:66B8EB1443C8D1E89B8601D847CF1544A59EADC6
                                                                                                                                                                                                          SHA-256:81497DEC610FBA4092B6FEA708898EF5378C556CF50547DB745F0D2BB0B15E0E
                                                                                                                                                                                                          SHA-512:71D24D5E15CA1A932E2F616A6C08B8E341BE50248CA19D65E4473AA11664C8F35A685D277383472EE353A91FFBE4E3821DCDBA653136473751FE71D704367FD6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):156
                                                                                                                                                                                                          Entropy (8bit):5.51538504512303
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3Vi1I/XdNNN0ox8s16YAN/qppDLdi/FMvIdtEXTTxEzlkup:6v/lhPI4ycEG+pDU/FMgyvCqup
                                                                                                                                                                                                          MD5:BDC4AD29F88ABCF3DA6F4DAF4F255E4B
                                                                                                                                                                                                          SHA1:DA56D429D47258D688DB4820FDC5392490922536
                                                                                                                                                                                                          SHA-256:1339F0EE67AF481730246CDE6C2294E75389CBFBD88AE7E92E978E24C5477E1F
                                                                                                                                                                                                          SHA-512:76B520DF6953AAE8A830B428FA74C5EBBC3B2630EC522460B257A801DCE62389B93A3E7C1CCA8365598E103D4EE9B73391980626F61FBDE36C75B641F96282F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):155
                                                                                                                                                                                                          Entropy (8bit):5.465551917222923
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFg/dNNNNNN0oS5TRiiF8kOBl6kxtL50UX3vzzcOhKMBsg1p:6v/lhPIFg2Dkm1S6kpRPcjup
                                                                                                                                                                                                          MD5:C58451EEE1E3AD638BCA2721FC1BDEBB
                                                                                                                                                                                                          SHA1:C91CB88CD0CFC04A28CA9B2AA350DB880320CEBF
                                                                                                                                                                                                          SHA-256:5C8669BBAF53135CD9A908C7DE90A765E6AA63291D4F38188B2FD8CEB7D42EB3
                                                                                                                                                                                                          SHA-512:8BF9B2E65F43DB2F107CC78446146094D85084860EB434B26077983AF7313B5469186B09099407278469D422FDDC5F996F011ECF4FDF2D730DCD7C4C48CA9DD3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):185
                                                                                                                                                                                                          Entropy (8bit):5.903493780063343
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlGARtjm/dNNNOq6D16YAN/L+o51oD0LjOn/CB1w7ELh2zrlnewsup:6v/lhPIARomA6o51u0Lj+6g7Fsup
                                                                                                                                                                                                          MD5:83D896D94C6CA31FFAEC6FA627238C23
                                                                                                                                                                                                          SHA1:88C22B903160F3400DF59DAAFCF45640AF16D36B
                                                                                                                                                                                                          SHA-256:2A55B72A3BC42AB0292FBE1259E27F4FADFB08C19DB2A6012523AA8FB221CA52
                                                                                                                                                                                                          SHA-512:68E77DC8AE66D21DDAF348D09B8692B28BD3B0EA9B44E717FFD6C37223B10F094FA0353729397978AF2725C82A726FC339AC00B0F408217BF20F65F52D143FFB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):189
                                                                                                                                                                                                          Entropy (8bit):5.871937360351943
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3VMNgFasvfflnppO13rAt/8AmFFBvSROFZ0ukF9A8nVeNRcwXnzV:6v/lhPIWN1svfRDWBKOFiHA8nVeNGezV
                                                                                                                                                                                                          MD5:9383E2D967A060452A5323B19796A73A
                                                                                                                                                                                                          SHA1:BE93E4D03D5E01D780EFA70972AB169B4131DCE7
                                                                                                                                                                                                          SHA-256:9A87ACE858844CE30217E692274F96EB064FC3EA3AFD7CD22E73481BB73F3D3C
                                                                                                                                                                                                          SHA-512:6942276C3A93605450001F9C97966136BAC7A5E745ED8E98E37964A5016BE6460D4C6E8C23DF14340058DA54527FEFE11A68B9C9E12CE1907F08CCDA60002F37
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):160
                                                                                                                                                                                                          Entropy (8bit):5.583083551319813
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFZ/XhhvlaOEPYg/V/HGPiyfdWg0MAROvWs/Bn3W/ljp:6v/lhPIFZMbVHUi2dWTMqpWGdp
                                                                                                                                                                                                          MD5:1973568770BDD755AC3DDD62F4B377F4
                                                                                                                                                                                                          SHA1:7F2B4EFFC633C694F83897989C1D5F3ED289D613
                                                                                                                                                                                                          SHA-256:F62AB5573950155F52AE1B7911A7ED547E877785883D77307CD5953DDFAA0D5B
                                                                                                                                                                                                          SHA-512:DD89CD5ED86A32D43C4423D893ED3B99455FF4E46CAE3271424D2C45F04066684EAF5330BC1F00220139F144BF42DAC1B15112BA86543D3D254262C507EDC5E8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):286
                                                                                                                                                                                                          Entropy (8bit):6.4251142206504
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPknllBEnzbLvIJ/347m956L3OXK5mrkRsIYw3duHSEs5+8up:6v/7+rMEGK56qXK5mJIgHbs5zc
                                                                                                                                                                                                          MD5:B960E1EDAB34BF8BD9389476B8DA9AF8
                                                                                                                                                                                                          SHA1:07916BD86603368FC714FC26743826736F449992
                                                                                                                                                                                                          SHA-256:53F0385B1E5ACA0F6CAF5D38895EC5F5DA1AFB61F99BE8FCDA086DB44342BADD
                                                                                                                                                                                                          SHA-512:FAC128FA7C28B704D1A41C2890C855B6C1A04F24D6BBF1B66C73E848E192B42A4E60A43F70FE3D27B628978EEFDE7BD27D7D20327E5BC2C4EA28DBFE52DFADE1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):267
                                                                                                                                                                                                          Entropy (8bit):6.250216684699836
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPIiImcNRN4hUunrvSDsx+MPo34pvCpKEp:6v/7AiI/74iKrFTapL
                                                                                                                                                                                                          MD5:F469DE0C31A22D0F4D723AE278CC571C
                                                                                                                                                                                                          SHA1:8AF033D0E9469869F1F10A4C711188B795B35DFF
                                                                                                                                                                                                          SHA-256:B920792965B82F5E6A6050584CAD23177EAE03CD531703858C97C7F9E1562B1D
                                                                                                                                                                                                          SHA-512:E6ABE5836145C77972033CE72C5CC49064AA2D7E7DD4F170FFCDD083B5B9AA57DAA3DD9684A5B928BA9F3A60D5DCC9591859858F81F6AC52EB97F96F7F1C1E91
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):243
                                                                                                                                                                                                          Entropy (8bit):5.807736350030957
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPIFufFp0j2xNshovxrds8/Y6+qF8KYp:6v/7l0jO+hors+OqF8Ky
                                                                                                                                                                                                          MD5:57109D7FEDA9C3F87A7E3846CC79B710
                                                                                                                                                                                                          SHA1:5C9E5D4239C3F6E05A84345A77FAE721FD53A46D
                                                                                                                                                                                                          SHA-256:5D34C18970ADBA1C6E1CF4BFF1D10869610F9C634566E64764473DC978CD3589
                                                                                                                                                                                                          SHA-512:5EFEA5867D5B2CB49D0B35310BDC1FC4F81024E2B078DC5EE88587FFCA0057D65E23ADD927602868484C0644C22B369CF8756DF7FA3113A129848F812137AADE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):505
                                                                                                                                                                                                          Entropy (8bit):6.624754480129074
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7+d/Kst4a0jT5tHMv5+939ZGFau9GS:5KsC1TLh9SZ9GS
                                                                                                                                                                                                          MD5:6B7F152AF76271D769C04DBD50DB3F40
                                                                                                                                                                                                          SHA1:08B1B382ACBDA38EB145C22F56E5BDB12181CC70
                                                                                                                                                                                                          SHA-256:8E5865DEA50E264BC454A474B5F92902A0F7BEDAA2841F7E967B8A9741BFE16A
                                                                                                                                                                                                          SHA-512:2C4AA84F219CEA7C3F3F29B90003416C85D4D8E0A81E9989ACB8987982B0FECE43EA0BA2F22459C654FCF8A5A295C8B250365FC86EA019852651F4F6E79B6A87
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):121
                                                                                                                                                                                                          Entropy (8bit):5.0593094555620866
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclBsNgFdy5gB45lzpbtmVCoEp1p:6v/lhPKon5EWI7Cp
                                                                                                                                                                                                          MD5:7E6BDF51F87F56FB5093C1B7A44AA6CC
                                                                                                                                                                                                          SHA1:E6C6C44370D5533FB2607F6B07EC11EE22D26804
                                                                                                                                                                                                          SHA-256:34FA2C4574D3640EC71AB2A381EE781995E4772A060AFA6BD8FB9B13577218A1
                                                                                                                                                                                                          SHA-512:A2F0184DE218D17116603E6AE081A6AE8E5A8AB7E61E26F12BEFBF4406AA971A43FB2F42DE00649CED72897518C8A454522ED1261F4F7004ED1CD14B76E2BDF2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):117
                                                                                                                                                                                                          Entropy (8bit):5.455053274580113
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vt3lSXjl/sTP7EGS9HFcBtsg1p:6v/lhPMJ/eEGOGLsup
                                                                                                                                                                                                          MD5:766E3F26956EEBEA7E58F7EAA255E0A9
                                                                                                                                                                                                          SHA1:B0701080F38168A7B1DA6C9E6FE56D62BFA72F1C
                                                                                                                                                                                                          SHA-256:2F8A816D42FD5F91C6106C89DCEE793697E9801419CF935ECDEE902463E2720D
                                                                                                                                                                                                          SHA-512:3C510601EE6E45CBAD04A9A3D5424A338FEDCC12D0BB54D0AED15DA303AA7761714A6ADCBDBC00580245E4D8FB4F8DCB5005F11B29328530F84283D62C0274B9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):125
                                                                                                                                                                                                          Entropy (8bit):5.243817741577587
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclIZ2NgFdy5gB45lsPZdDkYq/jp:6v/lhPKaZ6n5EhdoJbp
                                                                                                                                                                                                          MD5:4F401A378BAE5EC0DB197F520C42B7B9
                                                                                                                                                                                                          SHA1:D670D2641B4F15B85598EFABFB20B863751F18BD
                                                                                                                                                                                                          SHA-256:457668FC7504283BF117791EDC3EF901818AE857387FDE1D0E1F17B420741266
                                                                                                                                                                                                          SHA-512:21A7C33C52C81B8BAFE1465C99F1972D49F3BA944B5A03D13175402796B1B8506F47D14ACD5FB4D6FB32FE204B2B1AFC65F065BD8126F41A11CEDA826FB0BB4E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):133
                                                                                                                                                                                                          Entropy (8bit):5.246035098126626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclBpNgFdNNNWj0qIW16YAN/8xt+K8OxaqI5Ef87bKgtaN1p:6v/lhPKN2Mj0qeA+7eaqEEf87ugo/p
                                                                                                                                                                                                          MD5:042FAF7D1A086F9E9AF22C094643C5F2
                                                                                                                                                                                                          SHA1:3EFF561529525411F04235FB244528A1C2FBB071
                                                                                                                                                                                                          SHA-256:FF9230939EAFDFC03C31F6DBF9B42DC8E5FC6E76904638BD0AF04612BB6C3D88
                                                                                                                                                                                                          SHA-512:2FC05DC040A863D2B950BDF3A38B92038EF2820FD0389A0F296EE5CF3D995AF05E1D8A9F312C1791B7EBA37D0FB1C3337421972C75FD2AFB1B797138F96CB6F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):125
                                                                                                                                                                                                          Entropy (8bit):5.663640357531416
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vt3l6hRJr52sgFV9tvwJg0UgkxCAAk9uldp:6v/lhPaLtzApkg05Plk9Kp
                                                                                                                                                                                                          MD5:87AC315DA1986A62AC59BAAB0F3E1879
                                                                                                                                                                                                          SHA1:06C5886D2BA1BDB8B55D629C29F7FCA703BA6179
                                                                                                                                                                                                          SHA-256:9BAA51F7C2E36E6FB68AE25F417034E9CBFE67A7263D521A39304A36CE8581A3
                                                                                                                                                                                                          SHA-512:08AD89B10EB2F691856128DAAF13A1580E2DBEF60AB93C9889F160D6C74EA1E789CBAB8EDE680B5C1709C2ABCD9F6E5FD2387730DFC6633D410F429990F14253
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):136
                                                                                                                                                                                                          Entropy (8bit):5.361318775883497
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclIZzNgFdNNNWj0qIW16YAN/7xNLYCpxK4NtU3MdPrH1p:6v/lhPKaZz2Mj0qeTZ3NtwUDVp
                                                                                                                                                                                                          MD5:7E7E8E6C62C4A7E5B88C538D1B42057D
                                                                                                                                                                                                          SHA1:826C53BEF1EF0B7879468DB99163B1F901C199ED
                                                                                                                                                                                                          SHA-256:8BFAAE84606A3B98252BB9036F135730F6FEC4B4976A832459DAE1014025F385
                                                                                                                                                                                                          SHA-512:80E64AB1B4FC7C0C84D39D856D3FE48F5EAD61FD5A8356329FECBEBC796E7E6246B7908280CD86975FFA6C9186B127EDBEB859CD7190AEE52D25666F8B11FE44
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):127
                                                                                                                                                                                                          Entropy (8bit):5.1918308574182515
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):124
                                                                                                                                                                                                          Entropy (8bit):5.135563403999344
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):133
                                                                                                                                                                                                          Entropy (8bit):5.269977557111846
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):206
                                                                                                                                                                                                          Entropy (8bit):5.3583146417446965
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):182
                                                                                                                                                                                                          Entropy (8bit):5.198856669391573
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):284
                                                                                                                                                                                                          Entropy (8bit):6.115747116127996
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):190
                                                                                                                                                                                                          Entropy (8bit):5.881734887732713
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):148
                                                                                                                                                                                                          Entropy (8bit):5.519999987133626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):195
                                                                                                                                                                                                          Entropy (8bit):6.190383509332898
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                          Entropy (8bit):5.757540561484614
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):158
                                                                                                                                                                                                          Entropy (8bit):5.6271769623894805
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):207
                                                                                                                                                                                                          Entropy (8bit):6.117092898241342
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 1-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):93
                                                                                                                                                                                                          Entropy (8bit):4.992746311106649
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 1-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                                          Entropy (8bit):4.898030705821857
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 1-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):96
                                                                                                                                                                                                          Entropy (8bit):4.961904818136523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):101
                                                                                                                                                                                                          Entropy (8bit):5.084273642835408
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                                          Entropy (8bit):5.077241575644354
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):127
                                                                                                                                                                                                          Entropy (8bit):5.640409232596393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):279
                                                                                                                                                                                                          Entropy (8bit):5.967663267041628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):218
                                                                                                                                                                                                          Entropy (8bit):5.696116325582462
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):482
                                                                                                                                                                                                          Entropy (8bit):6.515696943747605
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):269
                                                                                                                                                                                                          Entropy (8bit):5.715953267547524
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):231
                                                                                                                                                                                                          Entropy (8bit):5.52736090983763
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):282
                                                                                                                                                                                                          Entropy (8bit):6.24604723732813
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):229
                                                                                                                                                                                                          Entropy (8bit):5.921078912589736
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):186
                                                                                                                                                                                                          Entropy (8bit):5.5536884832398155
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):381
                                                                                                                                                                                                          Entropy (8bit):6.445736199555965
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPknl4so29H/fgxejoVBffaOpAcCh93qOLJCfXs8FmQK9jGevew6p:6v/7+Pp5/Zjof3LAci93FLE/s8cQKJTK
                                                                                                                                                                                                          MD5:5FAE8CD652AFD6529AEC29142DBF738E
                                                                                                                                                                                                          SHA1:18F612DA2C977225A7C8BEE86EF463DDAD6FAD78
                                                                                                                                                                                                          SHA-256:D29E2D78A95EFCABA8391EA35A5F1C097BE666BF878FCBB2D91262D600213129
                                                                                                                                                                                                          SHA-512:F99511DCC3C0AD6A771358A39F48816FF4BE9BE2F93BB8D8208A15D6E453CCE962F071514E09433D7C9C5200188CF330736F31C8D052936ED63C8E4B8DB54154
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):110
                                                                                                                                                                                                          Entropy (8bit):5.362441304373581
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclBpNzOqbs4sYci9qMunsOk3t5IoTp:6v/lhPKN+4s+qMunsO0t5IQp
                                                                                                                                                                                                          MD5:FC3F677815EB9C343A6FE9F8D1B76466
                                                                                                                                                                                                          SHA1:A54611F2A4D58285C0CC5E32D45C587126039129
                                                                                                                                                                                                          SHA-256:95C391220B616E9733A9D4FB8C675430069DD74CA3C37E4DEF92158C3A1B75E2
                                                                                                                                                                                                          SHA-512:77183D663D6ADAA8D8B762A340C1E16DCCE21E63A0369BFAF6624CED9C192CA9CDF0FC86C64D8BB895CA27367FA64F8E8E4EF577338469DEFFE821A7532364AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):116
                                                                                                                                                                                                          Entropy (8bit):5.2710999603464
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFdccKANNNRohdNmLZDc3VjmlWQ4leup:6v/lhPIFdc5Qf2m9CjSWQodp
                                                                                                                                                                                                          MD5:FE271F40CB0EA8AC57076F28FE228A68
                                                                                                                                                                                                          SHA1:361E02EA2DCB45F2EF0772F2B8BC27DFB61A4D9A
                                                                                                                                                                                                          SHA-256:382824CB4968E384B1A85DE6A222EBF36EB5691F4A736E7293580FE62A9FAA81
                                                                                                                                                                                                          SHA-512:F2AB5D3FCD086D92688199EBE387328495B91B21F1EBA9F5F24A21FF19F060AAE4E97C5E291988E9EBAAA21C4BC90E174FC5B2DB2072F013C6F6DDFA5AA46BCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):145
                                                                                                                                                                                                          Entropy (8bit):5.714767345303081
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlGARn1fcZZT6ho7I/lKhkxdggpFvzEhuAVAhsw1glulVp:6v/lhPIARGKcI/MkX14hufhkulVp
                                                                                                                                                                                                          MD5:8971FA8B50B0F638D26C47EFF1821F98
                                                                                                                                                                                                          SHA1:FFABF1026A808250B69ACC4F7263CE09388CB8A1
                                                                                                                                                                                                          SHA-256:046E91E191B4DB9F38C631004FF261C3A391ED6BD10821FCBD75A367B99045C2
                                                                                                                                                                                                          SHA-512:D611D71DC19F8D42254717D4EFEEF57EF243BA3E2F4BC31BBBD5E8E2F6834CFC576B5D26205C9ADF4411421BCC252A51F18963BB77CF3830C982AD52690B37AB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):190
                                                                                                                                                                                                          Entropy (8bit):5.4933124189970295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3VK1I/XKffNNNNNMHNNMAv4rC11RTzBDstGFFcSwPwuzD/c092lu:6v/lhPIQySGEyT/Vyt2cFY0Ulo1p
                                                                                                                                                                                                          MD5:9D9C9F0FD704C905E6EE1C007DEF564A
                                                                                                                                                                                                          SHA1:7EF78AD90525F12142023539E3EC27973D7C78FC
                                                                                                                                                                                                          SHA-256:62687A61FC08E488563F76DEEF1C3DFA13A4D46B1B2989ED0B8E97B8EA286A80
                                                                                                                                                                                                          SHA-512:D5B2C74D9CA1A60FFD23A670DBBA1EA41451F4C66362723C2224E8BE5CC07EB23C716C4CE16310A76973761C6D680E60ED06F807F9038BBF41BD3A53E8595DC1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):156
                                                                                                                                                                                                          Entropy (8bit):5.350695533504228
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFZ/XdNNNNNNNNNNNNMAeHi/wJkpxl7XI5d0itKlTp:6v/lhPIFZ2JC/w2p7XAdpKlTp
                                                                                                                                                                                                          MD5:F942789BD0956CAADA211A2C810DC63E
                                                                                                                                                                                                          SHA1:067740E71F58D904F94E75E7DA448061F1F6D12A
                                                                                                                                                                                                          SHA-256:A1F3E4C5B3955E27AE26B96AD3611C68EA3A0C821F79E26E3037050F77DA30D2
                                                                                                                                                                                                          SHA-512:F2BF10840DBD8A6D8B08CF1E3C54F57A8F65163CF9CFB85067C58CE81A0BA21D67782EFC6E63D301EDACEB9EB88DA39D1EEA8C2892A7506D05368462D6838075
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):227
                                                                                                                                                                                                          Entropy (8bit):5.866832811696198
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPIARAGDYiZEs6gmYMOv7Rr9yQWFaFTBE6dwup:6v/7A0tYwEnMr9B6udtZ
                                                                                                                                                                                                          MD5:E822A91DD08DEA02CE0FBBC04393C0D6
                                                                                                                                                                                                          SHA1:93DC5D4918A51941FAFB6DD780D3BB9C99D5836C
                                                                                                                                                                                                          SHA-256:E2549F3EDF7F059C7386780ACB7B837282226713DF8E335EA20EAAE46D558292
                                                                                                                                                                                                          SHA-512:F8604972BE7607DE0566F0370C8E3E79077C750E7EA67B8B2250044D97E487F9071206EE4796D02C6B69D4C06D3DADA9F2A4AFFE86905948C679CE7BF1211273
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):144
                                                                                                                                                                                                          Entropy (8bit):5.471799790326293
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclBpNgFdNNNWj0qIW16YAN/QgdLyfPxPSs7Kn/1p:6v/lhPKN2Mj0qeIgYxasOndp
                                                                                                                                                                                                          MD5:3ACF8F050C539013B7CA3F5A2507D7F3
                                                                                                                                                                                                          SHA1:99E6EF8B13D65168820CBCA2042FF76D0B53FC7E
                                                                                                                                                                                                          SHA-256:A4B625CF8A9514FB099BF6EC10BB3E3CB85EEC1965E559C7D2A945B4CCE9FA07
                                                                                                                                                                                                          SHA-512:3FCEF6971FE2EBFC5C856C88BD02CDBADFB81C77A2A298FA2C21842F964200A45F92210491DA250419994CC5FD4C0CC1DB4D4013A8D576B02FA33453F028E082
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):151
                                                                                                                                                                                                          Entropy (8bit):5.289373199432374
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFd/XdNNNNNNjP3oKul2xlfoemActmBtEW1pRH/DTMp:6v/lhPIFdmBlaCiDIp
                                                                                                                                                                                                          MD5:12C141DE87750B93FEED16AEA4D59DFA
                                                                                                                                                                                                          SHA1:2792C683D0D0C7D70634922EBB26F8A2CD841304
                                                                                                                                                                                                          SHA-256:8AD23FC81CF56182C5D8A70BE925539DE31BCEA0F2B6B54BB8592A71AE634545
                                                                                                                                                                                                          SHA-512:61CECB8FFCE760A4A5C07FF7089DF185EBA39CA2A9B74636B061BA16D3276C3A595A635AA5BBF0DA0653AC0549B1983E9D58F74D5143CC978AB2FF4A987AFE84
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):178
                                                                                                                                                                                                          Entropy (8bit):5.737192759794231
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlGARwjm/XdNNNNNNjP3oKuldxn9g1ibdGjtk3NMrLni1YQPysup:6v/lhPIARwymBldnLs82fni1YQKjp
                                                                                                                                                                                                          MD5:9F19E76E985711D7742F5BDF2D2F92F8
                                                                                                                                                                                                          SHA1:EF732E94805D95379524CCE3904D23C0529E88DF
                                                                                                                                                                                                          SHA-256:DE0D8D23A147190E9A5A1D97828953D2AAF73938033BE5C648BD621CCE8533F0
                                                                                                                                                                                                          SHA-512:F909F88889A304226E4AD54FFFD07904159870A5A69A86D88E1063E1A9D1F76DFD65D25F10ECC3B69E4A9B77E50412414CFF70D228A486E29424E71A4D90AF6E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0......,.....PLTE................*.Z....tRNS....u......NIDAT8.c`...... G.Y.. $.....I.....&'..*..@....J...LJ....BH...K.t.=.......(......P}u..w....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):162
                                                                                                                                                                                                          Entropy (8bit):5.538152420362062
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3Vi1I/XdNNNNNNjP3oKulkwVFFQIdvitOuHIRTFvUmLaux1p:6v/lhPI4ymBlkWbitTkTNMKp
                                                                                                                                                                                                          MD5:AE0B77BD4576B7D969E59CE4E0E7DCCF
                                                                                                                                                                                                          SHA1:C45605C282F81092C5ED6B883625F1DC90CA51B9
                                                                                                                                                                                                          SHA-256:8D0EC44BA53CF381C80624AEF18CE8962730BE6F8EBE15890CB32A0B8C3477B7
                                                                                                                                                                                                          SHA-512:C71F5C9BF3F2548E3F627DC2EE57E3D615E9F43F7D16E9D0430234A239BAE5DCBBF5EE0C476383B00AF0A67695424237A4B930A60B2D6F9C97C8F37E1D02D5DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR..............Y .....PLTE................*.Z....tRNS....u......>IDAT.Wc```p....0p..,.8BJ......... .D-.....$....*..!..n... .../...D......IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):151
                                                                                                                                                                                                          Entropy (8bit):5.483416238500208
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vn0Xl/jgFdNNNWj0qIW16YAN/fRP3/NR0sMOClUdp:6v/lhP2l/UMj0qeV3b0sHClUdp
                                                                                                                                                                                                          MD5:6B34147F7E53063D9A69ADFF5B43D82B
                                                                                                                                                                                                          SHA1:B877975FB84EB671CB3231F532D32B1178AEE3C1
                                                                                                                                                                                                          SHA-256:0BECB6FB56908D6E9923693F0685D0D03E8A14A65A03B823765914BAEB07BF2B
                                                                                                                                                                                                          SHA-512:1EF9C577BA2FEE76DA7B634BEE09256D26B15800DF0817AE837D208850D733096787CB1265AEAC12D8627D67D3E640BA5C983B56872790F783884EDD2D6E88FC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR.............b.......PLTE............3.......tRNS...=..z...7IDAT..c`.......;.......lh...................3n.jhh8X...!...e......IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):167
                                                                                                                                                                                                          Entropy (8bit):5.671979642193636
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclIZzNgFdNNNWj0qIW16YAN/Pu2S64coc+ToW64aZlkYKEvS/ZGzC:6v/lhPKaZz2Mj0qe+2Bt+8W6/+Unop
                                                                                                                                                                                                          MD5:6E2B86314F1E6172078DD8F363E41A03
                                                                                                                                                                                                          SHA1:43095F9DA760BFA6D1F5E90B5CA857B8FF0CCF10
                                                                                                                                                                                                          SHA-256:8B196AFFA121B3423B2E552B6C000F4DF419DCEA9384707DE5ABCF5EB6D26534
                                                                                                                                                                                                          SHA-512:C3E97A12DB7999F912FF09C3CB443EFA2153D06E4511CAA12C5D56965F95A71F8DE3755338C1BB4FE0711A0FE40F83BC6EADBAD0ED96F3EBEC83D02C6B2D4AB5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0.....*l......PLTE............3.......tRNS...=..z...GIDAT(Sc```....`....D.S.#......\...h0....v.sB.a...e....p.0...H.....z"....2..|#......IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):163
                                                                                                                                                                                                          Entropy (8bit):5.551420334011245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3Vi1I/XdNNNNNNjP3oKulqxTVkh1LAHn2anbxL3gH9YlI37Ykup:6v/lhPI4ymBlNLAHn/bxcClILAp
                                                                                                                                                                                                          MD5:A295FB581A2BE0C174CDE70A659DBD08
                                                                                                                                                                                                          SHA1:1C80AEB0FCA9A772D7A3D98C30A08F1AD629B77C
                                                                                                                                                                                                          SHA-256:E5856AD4FA95CBBAD49F8D33705550A74A718FDB398EB82E717ED8B7C82F14D1
                                                                                                                                                                                                          SHA-512:9B745842F1E1BA0F39EBD57E3BC2BA6C2B527F773C62F00D60013D806D20D645C5874A1CC5FF9166A8AEAE75F502E2E6F01F7FEEC3B91E39FFEB810DA8129138
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR..............Y .....PLTE................*.Z....tRNS....u......?IDAT.Wcp..'.0.P.9P..........#8@.......9.J*...s ....9E....&D.<..-D...r......IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):152
                                                                                                                                                                                                          Entropy (8bit):5.498034660707387
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFd/XdNNNNNNjP3oKulShkxtLN7SMT+bN/4WdjMUjtT8l/Vp:6v/lhPIFdmBlSkzqbKWdj3jtYldp
                                                                                                                                                                                                          MD5:9D39515196F0DEC21C611FCD050CF429
                                                                                                                                                                                                          SHA1:B5003DD2F43E72E411EB0192D3104381B4F17B81
                                                                                                                                                                                                          SHA-256:98DD3480608943DBCFDF9C355084F03988BD7A479564C13EEE52B603D744C90D
                                                                                                                                                                                                          SHA-512:FC400936F84BDA091F07C56415A8018CA4DD330C0BBB948294C8ECA2147EB90ECD24E9697B7B2EF0599FADE0D99C9A0E27ACA62647ACC56CC17E59B513123530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR................R....PLTE................*.Z....tRNS....u......4IDAT.[cp..'. ...J...X.".e8...'....*....V8+)).m.9..@..7;6.,....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184
                                                                                                                                                                                                          Entropy (8bit):5.895196816712992
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlGARwjm/XdNNNNNNjP3oKulyRnX5jtbNTXdBVdZsw33BpLT2Qp8PwR:6v/lhPIARwymBl6X5VNloC3T2rI/p
                                                                                                                                                                                                          MD5:C94A18A711579221E21926D034418D51
                                                                                                                                                                                                          SHA1:1AF9214AA7BCBE5F4D486F8BCD19168FC1336CB6
                                                                                                                                                                                                          SHA-256:C6CCB895A1FB51423297A02194E4D9A1AC2E5A7BD690903FECA458582F90DECD
                                                                                                                                                                                                          SHA-512:C29258AEDE103C0F4EC4A47CB8BA3D98A1783A3D90BC581425B498DE48D308D8436CB4455315B1B1A7F0A232218B61F96D9614B2EDC69B3303A22B30C1001641
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0......,.....PLTE................*.Z....tRNS....u......TIDAT8.cpA.N..@...v6...J ..).l...`;.I8!..".....,..C@...T\h......$J.C\v.da%.LFvY.C....j.x.4d....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):205
                                                                                                                                                                                                          Entropy (8bit):5.594990029755057
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPIiImcNj4pWBXRIj2QzsXdpi69Rleup:6v/7AiI/c8B+jWF9Rlz
                                                                                                                                                                                                          MD5:206A6FC03CD33199856E1640141388DC
                                                                                                                                                                                                          SHA1:0A5E3C75A37921EE6ECD5AB773798ECED53C7B45
                                                                                                                                                                                                          SHA-256:C8F6D4CB1869750B512DCCE9A605FE9625EDD76117253DC41BAE0C3D4DCB0C97
                                                                                                                                                                                                          SHA-512:F4D02D5079EE212A9B1141F6139DA730CD58082D6EB9F8A0A055ADD849A5523BCDF3D99D71161703D4F54AF0D0F7CB3A79318FC6D6D8D843BE59497A1AB51B95
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR..............Y ....$PLTE.....................................{@h....tRNS..."x.........`...MIDAT.Wc`..P.........wC......S#..&..m.............v.........T..2..P.F...9T....O)`..t....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):160
                                                                                                                                                                                                          Entropy (8bit):5.246846198705042
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSF9fgFdNNNNNNNNNNNNNNNwzvntTGyVsRSXi8OhRWB/rhjcl50:6v/lhPIFuazntTSwxOwB/hc7Cp
                                                                                                                                                                                                          MD5:4711B1D69BBFCA2A841616BE12FC415A
                                                                                                                                                                                                          SHA1:F019D9B9E26C7735F8DB4744AC3DD747E7D9674E
                                                                                                                                                                                                          SHA-256:8690393A518700CED00DA1322C2438BA6F6498C54AFDC309560E8DEA1A953119
                                                                                                                                                                                                          SHA-512:10407BD8413FBAC603CC0418985D820F85E772E1DB0B1BA59FB429A14AD8E4232AF508E4FBBE15784ED8B62E25C71AC93B9880AC1982790B04AC7AA5ED219764
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR................R....PLTE.........................xTr....tRNS..T....D......0IDAT.[c` .0...A...h.;...`...b.3.00.......\1\;......c........IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):314
                                                                                                                                                                                                          Entropy (8bit):6.251493142003294
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPknl8p8wwOhzqF4JNOWyeTruJF1ITXXorBLAVp:6v/7+KPSENOWyeTKATnoV+
                                                                                                                                                                                                          MD5:D7AEE8B1B58D1F9D1314DDC0D7D3F7B2
                                                                                                                                                                                                          SHA1:6CCC8E8E69408BCD2FEEC1510C0D395A3F80555B
                                                                                                                                                                                                          SHA-256:77CBB8F223A8305B80415E9827F96E2EFE7C00A1A947E36D329771FBF90282A3
                                                                                                                                                                                                          SHA-512:F854C66AE43C6B378CF7C6F94592961EE72607D4C321A782237B844ED5E228F3393804F45CD346690882A82E7E21C9C358BB5DB09BC5F24FFCCACE0901E2B773
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0.....`......6PLTE.............................................................tRNS....%':c|........G@.5....IDATH..... .DG......l..#]45.....d..&.g.T~...?...l..op.3~.M....M....i9X.r..r........;.|._NC...H$..U2#f.PH2.M....d..A.T.$.(....@.......GC?|.../.~E.G@.f&..y...:.........IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):149
                                                                                                                                                                                                          Entropy (8bit):5.280328657369903
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3Vi1I/XdNNNNNNjP3oKuldhkx9wCmAfFlp0F3yqyoA476hG/ljp:6v/lhPI4ymBldhwwpAtz0Fir42h2Vp
                                                                                                                                                                                                          MD5:EE79450C7A59869368EC5DFB4B432BA5
                                                                                                                                                                                                          SHA1:1E86848B8779F85737CFC69A00F8CB113E4F6BA5
                                                                                                                                                                                                          SHA-256:5A266D70001496C2EA91123EA595228394257E937E0DF19F3F3E95FFA00A0C47
                                                                                                                                                                                                          SHA-512:93FA1561A8E0599595093E85EA96E172AAE38E13A19017362934A6388508B61122AAFDB28E2372879F17C74CD177D161ABC88E3D34A5741515DCDC70BA143C27
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR..............Y .....PLTE................*.Z....tRNS....u......1IDAT..cpA..Ds.. ..Q`..Z+C...... .)....1.`.e.v.....>.D.ti....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):133
                                                                                                                                                                                                          Entropy (8bit):5.262573233393416
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFd/XdNNNNNNjP3oKult1jJT1RrWpMlsg1p:6v/lhPIFdmBltRZ1Rykjp
                                                                                                                                                                                                          MD5:C2BDDB16545C42CA40397CD4ED241E69
                                                                                                                                                                                                          SHA1:E2D2B96F3E5B1DC944455C89A3739514390F4BBD
                                                                                                                                                                                                          SHA-256:41E8E252ABECA49BD6EFBF151FE02ACF120FEAB7980875D46EEA5A8E659D966A
                                                                                                                                                                                                          SHA-512:9C172567CA616AFAAB69AE5EDCB7D71B8ED82546C34F1A1B642F07335EEDC9F3AC3CE8A9870B6FE9E097FD09FAE5E44836947DC3FAD062E58BA186CB746185B5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR................R....PLTE................*.Z....tRNS....u......!IDAT..cp...,.g% P!]D.j........vK.....k[-.....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):163
                                                                                                                                                                                                          Entropy (8bit):5.583953395601585
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlGARwjm/XdNNNNNNjP3oKulqx3kDWmfz3GL/iPXggMqPUAgL5Vp1p:6v/lhPIARwymBlXfDGL7qPbkLbp
                                                                                                                                                                                                          MD5:E358C0889196E2B72F6FF214B29E1DED
                                                                                                                                                                                                          SHA1:19E0DB35887148380E4FE1364F7B60904A00DA81
                                                                                                                                                                                                          SHA-256:F51CE133DD7CB2ED74C8DAB85E775C46E705BFC91D6212A8D04B0C5432C822A1
                                                                                                                                                                                                          SHA-512:D7B00195F7441F6C1F4A73CB90B0119B830BA75980F16D7A8D007A309804E389394383E0D6AF03CDDD00A5A7409AB6EB101FFCC96E084F9495B0512753DB579B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0......,.....PLTE................*.Z....tRNS....u......?IDAT8.cp.........P.K81........@W.`J8!.$R..E...a%.$..@.....*..t....\&.....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):154
                                                                                                                                                                                                          Entropy (8bit):5.464770434252999
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlG3Vi1I/XdNNNNNNjP3oKulVxTFFtc1evEz8hCI5Ph7U0lsg1p:6v/lhPI4ymBlVJtcs8QPj7U0Vp
                                                                                                                                                                                                          MD5:2F5E19222C6FDB8345CE01A70EA1F850
                                                                                                                                                                                                          SHA1:35F296D79DDA2AC9A39EEC80CE7CBCA5EA91D596
                                                                                                                                                                                                          SHA-256:DD0453FD04FFA9AEDF5AAC978FD4F2E22107FB46D6F2869CBAC4DE5903E1500A
                                                                                                                                                                                                          SHA-512:6CF82E2C79DA90FD90678B8A3F09ABB7F7D098517370D8ED7F72281A62B1FDEF613D21D184DBB7D73BC52776FFF5F3FEBFD7EFA0E40A30CAFFE5F99D746166DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR..............Y .....PLTE................*.Z....tRNS....u......6IDAT.Wc`.*pA...*@.H..\..X...." .Y...B..Y.Y..;...(.........L......IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):147
                                                                                                                                                                                                          Entropy (8bit):5.271824568304948
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vhSFd/XdNNNNNNjP3oKul5g+SfoAu2wUL9EJRkv5U5XB1p:6v/lhPIFdmBl5g+4hL+Rkv5Ip
                                                                                                                                                                                                          MD5:4E99A999FD9C9D49132D3990F8AC4FD8
                                                                                                                                                                                                          SHA1:D8F7FEB75D5058E56914E33B084D86E95162919E
                                                                                                                                                                                                          SHA-256:9A8F3EB2A14EC5517495F687402351FBBE2E06A04401D03D294E2544913B62F4
                                                                                                                                                                                                          SHA-512:C4807438CEDEF8BF98068E07DFB814A6FEADA96A7ED9DF33A7E4531B8B655300A0985DD367685FE33BE9C6CC28EDDD376479A7CAC5E426E20B0A7EC71A4AE480
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR................R....PLTE................*.Z....tRNS....u....../IDAT.[c` ..@...............P....E...,..q.0................IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):172
                                                                                                                                                                                                          Entropy (8bit):5.565869118588712
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlGARwjm/XdNNNNNNjP3oKul2ROgwx2tTSVrMQJhpG1lo9fbp:6v/lhPIARwymBlGOp2hSlMQQwxbp
                                                                                                                                                                                                          MD5:01936B6356468DB3B51C9A5E2FDC5A65
                                                                                                                                                                                                          SHA1:377163F3997EBCD24B5B24789D3B66C74C38B875
                                                                                                                                                                                                          SHA-256:85B8DDBC37078A49F151F2BFF080B33DB54B6E0C2A8FE6A044B83D9A3148A2DB
                                                                                                                                                                                                          SHA-512:C2DBF3466B18B75DA7B41811B5D2230D22D8A3EACF5464D98C2F45E39D53EB4CA5FDB905EC24CFEF45ED38F0B0D409E56EAD66B880E1084066795497D45876E8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0......,.....PLTE................*.Z....tRNS....u......HIDAT8.c`..D......g%(.Y..T..N0MNH6......M.,D........pV.`...I.]...K...h....T.........IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):131
                                                                                                                                                                                                          Entropy (8bit):5.692791368990826
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl5ljshgFCnvaRRdQFRQhVTWtdwQdKQo2zc+tlsg1p:6v/lhPZshFvaKFuhVTWrwQdJljp
                                                                                                                                                                                                          MD5:0B3610A43E69EFFB258530B2C8A1E05F
                                                                                                                                                                                                          SHA1:956DAB7407CC91F172E29C3CEAA365FE1A9EC061
                                                                                                                                                                                                          SHA-256:091C60F6BA74899AB0BD2AFC454755659FA7D3B40A9A1F1F2E8FF557ABCA697E
                                                                                                                                                                                                          SHA-512:6FEB8F19A19585A72622D715B26948376DED38D4883481094AD500B44B1CBCBF89EBDA710EB26D7B12389C157482B1E4D9B4DEBB78519D048D21076C9D43E822
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR..............w=....JIDATH.c`....R..b............4.....G(.=..0,.......a......q0.-..h.`.....@j!..y[....IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):5.411629991612867
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140
                                                                                                                                                                                                          Entropy (8bit):5.440896780220224
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):141
                                                                                                                                                                                                          Entropy (8bit):5.379264569931083
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):128
                                                                                                                                                                                                          Entropy (8bit):5.484719007484493
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):158
                                                                                                                                                                                                          Entropy (8bit):5.52464701972986
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 1-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                                                          Entropy (8bit):4.957976694021429
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):123
                                                                                                                                                                                                          Entropy (8bit):5.081901022737609
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):131
                                                                                                                                                                                                          Entropy (8bit):5.375057979510251
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):5.1853515197363444
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):127
                                                                                                                                                                                                          Entropy (8bit):5.141135587181968
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR.............b.......PLTE............3.......tRNS...=..z....IDAT.[c`.......J.+....y..|$................IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):153
                                                                                                                                                                                                          Entropy (8bit):5.570142675030674
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlclIZzNgFdNNNWj0qIW16YAN/cFbfeaMqBZlnglWFKRB8os0f/p1p:6v/lhPKaZz2Mj0qeoWh6ZlnECy8x0fTp
                                                                                                                                                                                                          MD5:150D4E08F6162BA400DF9593A2B384C8
                                                                                                                                                                                                          SHA1:5F9F5B1BF80160B3C1A32F559F48BF5A7E992B72
                                                                                                                                                                                                          SHA-256:7D2EE15DC2297AE4C6E376DE8157B00F1361FC93FE374B2A170F4B9D2F90510E
                                                                                                                                                                                                          SHA-512:9566C3849E21005BF435211161FD5878D90A7BB659586A1FACACE20453F291F87C109DD0F927F36FE7DA0C9B0DE829F8249883CDFA1BC1FCFB6BCCA1921CC782
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.PNG........IHDR...0...0.....*l......PLTE............3.......tRNS...=..z...9IDAT(.c`.\.........b.dP..4..s....z....p...9_. ..~t.U-.*..?...........IEND.B`.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15567
                                                                                                                                                                                                          Entropy (8bit):4.375325481184021
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:HoOdBfuiDD4G95fxjHhr485QkaRN70NJEY5AT2v+ZWg:Hnd/xC
                                                                                                                                                                                                          MD5:218C6CD7718DA651586BE01E10BA4EE1
                                                                                                                                                                                                          SHA1:7A43E9CE0C50DBD58BC1F6284D397F86DBB5EC6C
                                                                                                                                                                                                          SHA-256:3EF9DEB4BA7F25FC2FDC6B6250DA83B8D46DBD8AFB93E9378D855683FC918C69
                                                                                                                                                                                                          SHA-512:44FA667413396FA81ED27B1F6F33A3C59709FEEB4E067483394E00248399AC9EB0BEDDD1D6B6468E33DA59B0F845EB9D422CEC5B96814DBF4295CCCFF1EFA123
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MetaInfo {.. Type {.. name: "QtQuick.Controls.BusyIndicator".. icon: "images/busyindicator-icon16.png".... ItemLibraryEntry {.. name: "Busy Indicator".. category: "Qt Quick - Controls 2".. libraryIcon: "images/busyindicator-icon.png".. version: "2.0".. requiredImport: "QtQuick.Controls".. }.. }.... Type {.. name: "QtQuick.Controls.Button".. icon: "images/button-icon16.png".... ItemLibraryEntry {.. name: "Button".. category: "Qt Quick - Controls 2".. libraryIcon: "images/button-icon.png".. version: "2.0".. requiredImport: "QtQuick.Controls".... Property { name: "text"; type: "binding"; value: "qsTr(\"Button\")" }.. }.. }.... Type {.. name: "QtQuick.Controls.CheckBox".. icon: "images/checkbox-icon16.png".... ItemLibraryEntry {.. name: "Check Box".. category
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33341
                                                                                                                                                                                                          Entropy (8bit):4.534136956343582
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:gima/rqfyvocsgWAEPHd/RBcWTkrmIhUeoiADLTEEZZjHK1TlbyQHhEUGBGgUq2W:Xb/rG+KXD
                                                                                                                                                                                                          MD5:09EBBE642F2775F9B5A752C82D5AA754
                                                                                                                                                                                                          SHA1:B94DB32B0D39C129F3A16DE43697B563658A214D
                                                                                                                                                                                                          SHA-256:86ADC43D2FB0E3AC925E7E7AD545C771D5CB45423F0E352D68C379FC9A205360
                                                                                                                                                                                                          SHA-512:D99E8B633691F0B5A2FC74E179EF97D6419D9951B1202AC17926F9F7C1E1F71D94578AFD545867B64A1FC18E671F95CF616CF88D890A1C5337E773ADA0342A18
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Controls 2.15'....Module {.. dependencies: [.. "QtQuick 2.11",.. "QtQuick.Templates 2.5",.. "QtQuick.Window 2.2".. ].. Component {.. name: "QQuickCheckLabel".. defaultProperty: "data".. prototype: "QQuickText".. exports: ["QtQuick.Controls.impl/CheckLabel 2.3"].. exportMetaObjectRevisions: [0].. }.. Component {.. name: "QQuickClippedText".. defaultProperty: "data".. prototype: "QQuickText".. exports: ["QtQuick.Controls.impl/ClippedText 2.2"].. exportMetaObjectRevisions: [0].. Property { name: "clipX"; type: "double" }.. Property { name: "clipY"; type: "double" }.. Property { name: "clipWidth"; type:
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140
                                                                                                                                                                                                          Entropy (8bit):4.5380471064327965
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BV9NKF7eURCNHJccvyWmopCxKeJQCKyxRSGIjNUkovBUoAw:xVfy7eU28oIQCDCGIjuvBUo5
                                                                                                                                                                                                          MD5:659ED029AFAEABBE4235968FF5292736
                                                                                                                                                                                                          SHA1:565CEBA5B695EEBBF28030965EE5929C2A5A2346
                                                                                                                                                                                                          SHA-256:7B404175BB8E2B0D3822E75320C8D6D09C61BB53F4513C235A7D04AC7D34FD57
                                                                                                                                                                                                          SHA-512:41FCB039C054C7DECB9FC7CA198F3218DC0965813758B66C5B8B174B732040A33F2D3F54037AEC7A9C48AF5CD3BCC798DDD41C7458924B8C9BDD49A38846195B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls..plugin qtquickcontrols2plugin..classname QtQuickControls2Plugin..depends QtQuick.Templates 2.5..designersupported..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):643192
                                                                                                                                                                                                          Entropy (8bit):5.000079550210281
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:KI4bYOp/pnp+pGp6pVpSpFpIpapFpzpUpippp7pgphpWp4pKpjpJpqpypMpapfp0:KI4bYp
                                                                                                                                                                                                          MD5:F343427EB8324E0EF531D4D3396B1C75
                                                                                                                                                                                                          SHA1:D825155FEC5BD9F05DC82729D004C8FFC7E77AF0
                                                                                                                                                                                                          SHA-256:F7817AA2CB282B0A8685CAC6F68548E20C5BFEC01A4D3ADC06F307ECE27053A0
                                                                                                                                                                                                          SHA-512:9F35F08AFA0E498DCEE1C224F817B5CC0EA42BBBFBF13C24B61AFDE203957CF57C3AA0BDF52A80974CADDFBBFDEE4B51A07E87820A669FC71905B86F69B3AEE6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10075
                                                                                                                                                                                                          Entropy (8bit):4.717439306063525
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcG6ZTxk/vxN5PpD5srxnITJ9T0CPnTfvTGeTfUTa:RG61AvxqgJ9pPTfLGSfka
                                                                                                                                                                                                          MD5:5867D5245B718F84DB408F61BEF0586B
                                                                                                                                                                                                          SHA1:1C6D4995807E1A4D4AA1C60AF5E21B1249428068
                                                                                                                                                                                                          SHA-256:89DACB880798DE404343B7C7C601964EA9DB8C94C6D80E94488F16B4CB687A10
                                                                                                                                                                                                          SHA-512:FBE6E03CD93AF72B090CA71BE170F7CC1247C367A6E535D1E6675A12ED504DDE248A0811B663B2650F847E89E731450C950D7492914BDE725B9BF12CA0AD0644
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3172
                                                                                                                                                                                                          Entropy (8bit):4.857750127629911
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+OLqF9JXacl40XRJcynK:KogUldGcQWvVQ40X7cynK
                                                                                                                                                                                                          MD5:D1F9F9211AA7FAE7F0D9579FC123D685
                                                                                                                                                                                                          SHA1:62C23659B3A0447043BEB3C3965861574502E89B
                                                                                                                                                                                                          SHA-256:5F8FB95DEE1242FA981C0201D82E0094880C88F98EBB7516D5F692A63CB64F8F
                                                                                                                                                                                                          SHA-512:62948CCE34D7A31A411110ED0D024C61DD9A5372971266C749BD5344EBF92FE5C1ED8C7C67DC38E70DEE7E1DB2BE33234C3A55472EF1E9CA5539B287B878BA19
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4722
                                                                                                                                                                                                          Entropy (8bit):4.806184277509732
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy99nC+r30n9Na8slfYe31ppELTGITqtguPcwfZY:KogUldGcQWg6Y8MpELTGITqtguPcwdCJ
                                                                                                                                                                                                          MD5:2E42047FE47F5B070DC7C903C4E520FC
                                                                                                                                                                                                          SHA1:C4D55119C4E613E0ED48833C232BF6445738E1F2
                                                                                                                                                                                                          SHA-256:E30F2574809B4A3D6804CD6405FD56A1EB59F0EBD63FCCFADE27CC12E45C9EAA
                                                                                                                                                                                                          SHA-512:78BE625E72816EBE760052EFFEE160717F77B388887161589E19D8B4BFB4FCA59D3797BCEABD0C3D71B315D68F24AB0D934EAD0A4DC36ECC485DF6187FD45831
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14053
                                                                                                                                                                                                          Entropy (8bit):4.631637955400076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGBf2NDPkWGQA/avHUMw42QsxsfwR2RH29hy7k0FXmFNMa:RGIGQA+2owR2RH2jbhD
                                                                                                                                                                                                          MD5:8271AC3D4E6B5E7BF47DAE0FCF2B6276
                                                                                                                                                                                                          SHA1:6A7E6A614EBCE44A0AFC940FCCD02C4B8EA6A3F2
                                                                                                                                                                                                          SHA-256:D5BC343B79803DBB1F28E2A9E88614F07DB92D04ABBB2C87DF9A83DFF47FC021
                                                                                                                                                                                                          SHA-512:F807C7E50FD158086737E33DD3C58F2395B0DD789C7A8BB322AF4E3A95382CFAAE33863B74B8A1D0BCDB6BDA246D62B00BC8EE0F0C7A5A17D3174A380BBA0921
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7217
                                                                                                                                                                                                          Entropy (8bit):4.730801636992161
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWMm9NQmNRDuvfQ5cQg0Q0xQMVbQohukHBQEuj82CcSFCrFo5M6F7AOb:KtcGtqOY5x7r+fpmcna5nAOm+wxK
                                                                                                                                                                                                          MD5:CDCE4812D071C06C97A540E246768C75
                                                                                                                                                                                                          SHA1:3F19A67F23AA2D6F65A7A132F1C697F72F01A9FE
                                                                                                                                                                                                          SHA-256:C2972F85CA4BCF1D5F11364E46C297D70F611F43F7618FD7E77B421363E3A4BF
                                                                                                                                                                                                          SHA-512:EC04F782D3E286A650CE68BAF546E70DE1813BBB5A561E4773D97FD1975ED87C76B1EFCC13FDA2AFB496E6D5217B9910FDE1BD97D6F09889EE1A25F0FCCF817A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26551
                                                                                                                                                                                                          Entropy (8bit):4.512383919219007
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RG7v/WdaFXoAhPF4qPsTsrCUVUQtayvGH29w:RGz26Rw
                                                                                                                                                                                                          MD5:14E14D914B7C5ACC5AFEBF0F8278AAF9
                                                                                                                                                                                                          SHA1:D77E16C080ED950CD315490AED12C327AF35A16F
                                                                                                                                                                                                          SHA-256:EC8D6D62031D1648DA0F7CF174E7FD707AF73CECAD3A7B1D53BB6FF06CEE6EED
                                                                                                                                                                                                          SHA-512:1E670ABCD65DFE438206D4091BF323AE1AFDA9C2CB1BE6A491E4805DBEE75B72FDD4915A829B98C35CD11502A905FFC7EFF09A1E18545D0BAD16A2155B617BA3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9280
                                                                                                                                                                                                          Entropy (8bit):4.5929490054621205
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWVmYoWPEdA+f2a0n0k9BdOwwjo2+tyS+YjdQ+f2gPAs5FWoMmun2g07:KtcGm4dy0+BojgYsxN5uqqjHNGp
                                                                                                                                                                                                          MD5:F62F4F4EEBB6B58235389E671C884AC4
                                                                                                                                                                                                          SHA1:A0CC6F3235A54B4F89A20AE2DE27AEE2F1D53730
                                                                                                                                                                                                          SHA-256:123C647773D5D885A3DB2F5E5BBFB13B51F2C8869783CEB48D5F93CB0E3401E3
                                                                                                                                                                                                          SHA-512:8BF61B9E37C41898216C0659AC728037D56925C4C7404D70B225767DD46F1A22EF7D4037A83E71BD2581B14304989ACBBA30D8BA03A1D71E69A643D6937D05A2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3212
                                                                                                                                                                                                          Entropy (8bit):4.839032765919857
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9bC+zb184zGdIdePevhTAhv:KogUldGcQWQb1pzESePuAhv
                                                                                                                                                                                                          MD5:1B379BBC8E1523FEFE718627A99EB7D3
                                                                                                                                                                                                          SHA1:35E8319E1C3B8E6294C8FA4A96BB222406973BAB
                                                                                                                                                                                                          SHA-256:F29D6F9D351F71FCD906996C6A3379589333DB53E867278BD0FEDC6504A9AE4C
                                                                                                                                                                                                          SHA-512:AFEF330B0EB7AAD230265EB5B752502E2472B50B1A2957E629D3E090A505384D87486786C2D3AE4CFF277099FC43D794C6024C4D6080C53FA7A29511D0FF4326
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5447
                                                                                                                                                                                                          Entropy (8bit):4.706461728806631
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWRCCspEXP1hNgqjMbvpZOci9buA4KmFvZ:KtcGLCspEjNgqjwi9AKmFvZ
                                                                                                                                                                                                          MD5:6DF072421B299327247E0E4042BCDD19
                                                                                                                                                                                                          SHA1:49DD5B2A1E618FB66B97614D4B43E9AFADF5DE67
                                                                                                                                                                                                          SHA-256:E0DF7E7BD642AA535E7FFD5C1B3EA3A1E201C80B554749B05483ABE322E623FB
                                                                                                                                                                                                          SHA-512:2A75F81ACD054516F95395E1A738FB8CF33AE7A15C72AC73D4B0E0EAAE2DDBD1813FF7F000735C6BD7B886E926309251351F6FF2A19BA6E9761DABAA663FD6B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13079
                                                                                                                                                                                                          Entropy (8bit):4.3505082150816135
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGwslIqMINp8BschTZglH52QuxWYgdpChQ6sEz:RG3HQ35GlSbQ6r
                                                                                                                                                                                                          MD5:5893CD63CD0CF9808A8F0C08FF78B8D9
                                                                                                                                                                                                          SHA1:7C1E9C22AF12A79435210F8F3A878A3FACA8FFB2
                                                                                                                                                                                                          SHA-256:D00319C39C5D8ABA32D480E8A7543B7E9B2913951FE24037C5DC89EDF7F7B084
                                                                                                                                                                                                          SHA-512:A856BD9EBC448067C7607C8CD44F60BE4371832277A00D015BF908B4A4FECCC2F8424479BFB6165AE28DD2A169B54E93B5433C83D1702A8991BBD33BB0E1A7F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6050
                                                                                                                                                                                                          Entropy (8bit):4.801017534733009
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCflj2CJgwO7dri4vmQGRbAAQjhD6rYL6Kj3T:KogUldGcQWHgwVSFGp0V6r81yJHU7
                                                                                                                                                                                                          MD5:2334B6238EACCB034D39A6AD6E1CD87C
                                                                                                                                                                                                          SHA1:9B9899BC33AC4A9ABF0DA87918DD5EC04E086B09
                                                                                                                                                                                                          SHA-256:F1EC6B3620B6EB0B3D435CE92607FC3E6A229716595938B5BA2E616B8FAD5BC8
                                                                                                                                                                                                          SHA-512:B44AE6DF699AF67FFD8667E639E65723F346E03BE6AADFD994B93471063B965D80B87F292804E82089623CD42BC7EA9707B356627936FE71AC314F5E27CEAD3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8298
                                                                                                                                                                                                          Entropy (8bit):4.7170849721619685
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWLIUJAzsCGfYsgqjeSOOsTII0sRpzdz8oS15omcrp8otIkjXL:KtcG6IUgsC4HnjeSQTI618oq1MTD/
                                                                                                                                                                                                          MD5:884A006ADD8AB89428F89D6393A691FA
                                                                                                                                                                                                          SHA1:C9F0C601EF010D7381A876B976114ECD282358A0
                                                                                                                                                                                                          SHA-256:1651BC9C0BCC321BFC1462D4DE6A51007DC933B159980646656E74B33CE239D7
                                                                                                                                                                                                          SHA-512:A34041F8BF35C3E9AB425AEC096C7D3F66FF0D77AF211464E850FFEA6EBBDDB809C0ADDB73001E19C263EC9661EF7D5C3AC3B494ECDBC70E2F88A2B840130A54
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33193
                                                                                                                                                                                                          Entropy (8bit):4.2929858506797425
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RGX+HVCDtXjiS0NAizKBwH5JwGJBZJI0UIHLfnNJyXyTHwL5sP:RGX+uYt+L+LTw0
                                                                                                                                                                                                          MD5:CBF541940BB4350BC41AF5BCD8513851
                                                                                                                                                                                                          SHA1:F8EA2B84128249DFE93043C29EA54AA8CA76D732
                                                                                                                                                                                                          SHA-256:48FB1E24F78D3631F75423929537A3CCEBCE92A5E551E7C0A01249B99A15AE7B
                                                                                                                                                                                                          SHA-512:EE4E12C2A580618D711DFF6C9EBC4936DE0065A091C2FEF886E7DBE0A64DE94F950A058862C09F5BA80D69638A1B8C01BDF8EA62F189E8FB0076EB102A775E43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3841
                                                                                                                                                                                                          Entropy (8bit):4.861457775013162
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nKg9T+L0Dk1akEkg+kyk6kbk1WMue:KogUldGcQW4jKlF+7DQ3ue
                                                                                                                                                                                                          MD5:E93DF9572C77F934688CB8B498820DD8
                                                                                                                                                                                                          SHA1:CC7F75E4FC6C83F4922CE71708D1A8A1445E0BD7
                                                                                                                                                                                                          SHA-256:F4EA2C35462F76B142231DC83B536B1F93F030379BE115BAA131934CAB4D8021
                                                                                                                                                                                                          SHA-512:7436FE36D939A9864AA5C9A7604B281202CE51E149E4556D25030B9AEA73A3B145F81BFD3CC451A3FBF522708B1CA2EFC90E1B5B782B9E66C77F7C5042F439FC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5714
                                                                                                                                                                                                          Entropy (8bit):4.958893492664727
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWa2gOIZIk5Dfp/zHHAH9/581tht7UgrO4WSClyx8czs9n/OIvR+:KtcGhnlgH9581t7UgXWSClyxW9/T5+
                                                                                                                                                                                                          MD5:8EF9D96911E8B0AE9E2562662A516405
                                                                                                                                                                                                          SHA1:2E98D524FB217A7A9E2FA97EBE1EEA6A2DC013A8
                                                                                                                                                                                                          SHA-256:71E7B220AF9B62B2EBCAEE5B93D435C5A33BC6848CF29F785BCE082858C100AB
                                                                                                                                                                                                          SHA-512:D9E2F57512ED2134ECFA8EAF4B6B5128546C15B099DB1480235853364EDB90E6A4B63BD3620535B94AA927B8B6009772C60A75672A30375B55C0897C8D38E701
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3384
                                                                                                                                                                                                          Entropy (8bit):3.518594661666257
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:JrriQYeEbazfNXFYiaVONj303w3ppQ3xz//:Jrr9BEbazwiaVONraw3Wd//
                                                                                                                                                                                                          MD5:3CF090913D6DA3274AD7A07D6110F87A
                                                                                                                                                                                                          SHA1:EDBC53363F1981D64B636E2D2EF4B7B214FECE87
                                                                                                                                                                                                          SHA-256:6CAE580C1EBD3370AEE62D3FA0DE5C848DC45D7B881437741E9436CA7BA4CDF4
                                                                                                                                                                                                          SHA-512:937A31692A16F7953F4022F4FCB4C3D187B3A02F42C00517C182F3CB12609A8E250BCFE91E68C20F5BA77B048FCFF4D595B25F91DBE2FA71202FEABBF19053E1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9417
                                                                                                                                                                                                          Entropy (8bit):4.628359677996762
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGzp/zjz+D0MUSYbV9fklFtgY0skwhmiWWJ5nU1yZcyc1TJh1fGTr:RGas7T+UACztKr
                                                                                                                                                                                                          MD5:7C237BFF401C547DC20DEFD84CD178B8
                                                                                                                                                                                                          SHA1:35827C05C85DA283060D76F9F6531C3F418F574A
                                                                                                                                                                                                          SHA-256:975BBC80DA2F1BD057F0FEBC8F4F2F4CBA730875F24F1DD1AB19AB9C1424144C
                                                                                                                                                                                                          SHA-512:A60B8AB4C343B2F07DB426F6BB2085EF2D3CD5DFFDD35F6A6A7F25FCFC885B823B517FB32C841DB1ACE819EC245955ACE286D22F5BAA0FB338664BE332161830
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4611
                                                                                                                                                                                                          Entropy (8bit):4.990010731789747
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWL9DiQOOWOaphP1+JIShNUtvme:KtcG8DIOWOQ9EeVV
                                                                                                                                                                                                          MD5:B6B8F57D8DB0F00AA169DCEAFF7496E2
                                                                                                                                                                                                          SHA1:9CBFC0A49DF3BF1B5D0FA4F19C085702A4730096
                                                                                                                                                                                                          SHA-256:EABC8322BE26364621ABB055C8FC60567496F03283CCB29DF52282E5A9FC1CB2
                                                                                                                                                                                                          SHA-512:70F59759BEF5C357B80D60CD0B0276A7E2168B939549B71EACC4A092EF20FA22FB957A1B248E5662D5E5324437D1F1B1AFF12D734D40BF503DC672094824154F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3391
                                                                                                                                                                                                          Entropy (8bit):4.835501223694417
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nUWBNFGjVjojFvJ6/Jh5jAMtXpiB4oCvhoJ:KogUldGcQW2BN4lkFxSjXgSe
                                                                                                                                                                                                          MD5:C44B244C04F74D3A6AB99849BB974985
                                                                                                                                                                                                          SHA1:342741FE993B9E723CCA3B4FE4BA8D5C7352164D
                                                                                                                                                                                                          SHA-256:AE60C761D16DF1CFC3308DF1D600D5AED403B95377B56B870A5B08AF9FEE476A
                                                                                                                                                                                                          SHA-512:AAD4EA8CC67B8F7559AEFA98930F60940B386094E6FFC879D01D02E2B9E3800E149661AEC72B513584C2C87A6860D5C909C7F86BD699004706B6E24F5FEA1727
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3383
                                                                                                                                                                                                          Entropy (8bit):4.814159570683156
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCAwomc8c3TiTCo6nPJo:KogUldGcQW6wom9kiTYO
                                                                                                                                                                                                          MD5:B48053C0E232FDE426DAF51151B93DA9
                                                                                                                                                                                                          SHA1:B981463D498E35D158630C2CF5DEF039F3D12621
                                                                                                                                                                                                          SHA-256:46B63D90FF343644506D788C6EEEB99956F55A6CBE297DDD998FC7438196B968
                                                                                                                                                                                                          SHA-512:6E7E9BBB3D4C5B4AC10BD188DCC9463E1A60A3617DED2DB0C808A68464C63F1A63B62EBF94BFB3BAC60DE58C55F3D903D3EF672E95A4769CA670F597FF94FF4A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5989
                                                                                                                                                                                                          Entropy (8bit):4.636882423408465
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWa40S3uK3eVoqtWo+DPLrHQLhFAP06iM1p8:KtcGBbF2MWT3HADAdiM1G
                                                                                                                                                                                                          MD5:F65418D60C05CF3322ABAFC6FA1412CF
                                                                                                                                                                                                          SHA1:E87102845BAF8FFC20C44C9F34CA2A5DA2E61735
                                                                                                                                                                                                          SHA-256:076E471444B7A512D0D19F39B6DC836F7A50D5049059CB26A0AECCCCDEF55439
                                                                                                                                                                                                          SHA-512:917BEE82351C03538A9AFC47C259FF84A3D93FC0114FE9002A62B65EB7ACAD1ABE50713D656231B65273114BAE5359C311CCC0894E0A1DC5C8824FEBE0F73E06
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9830
                                                                                                                                                                                                          Entropy (8bit):4.542740073103384
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcG4zlGrTY9cNJGBRNaTiN/spNYZ4N1/WbMXyJA/M:RG4xxmPcu/byB
                                                                                                                                                                                                          MD5:AEDFA8AE1834BDAE1D4CF32BA070FFBF
                                                                                                                                                                                                          SHA1:07C477570F131A70D1543C9E1D512B698BB05308
                                                                                                                                                                                                          SHA-256:545DE8F164CA5F49EA73F7A08305FB12806BC7B2654FDD9B0B14C275BF743CF5
                                                                                                                                                                                                          SHA-512:3FE310861519DA2C322F89B5D8C0B9A30F3FB52CB078506B156B9556E93B94CC89707BE6CC9393D6542D51971AD8D46E9B64980F6A72738FFDA168529E1D54C3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2653
                                                                                                                                                                                                          Entropy (8bit):4.881994442458163
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+umv3:KogUldGcQWdm3
                                                                                                                                                                                                          MD5:CDD54D4C1D7F711CCF612B229D1745A4
                                                                                                                                                                                                          SHA1:CE9ADDD7481FDE32A7357F63DCE50A2146CC9E0E
                                                                                                                                                                                                          SHA-256:A4C6F0904FE3A42898A4A6B662491075AE5D10A820172058BF88CD156C733B2C
                                                                                                                                                                                                          SHA-512:25DCA3A22B5C88CC03F4B596A35B6805BE4AA2F6628FEE8670C9FDC8601A826AC69A23080E8CCD3F2969AA9E1AFDFD6BE5D9FE7F0F492B5192A1E9C5F92E45EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2931
                                                                                                                                                                                                          Entropy (8bit):4.824223917837498
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCz5bMHq8PtBi:KogUldGcQWx0Xfi
                                                                                                                                                                                                          MD5:2FEC5D0A5B310A979807837BFA9DDF3D
                                                                                                                                                                                                          SHA1:7CED0A6AD47D373E5C78EE0B4B011716AD1069A7
                                                                                                                                                                                                          SHA-256:F37EE6C81A402309CC49EB69A9500A41E79B4660EB8D8655E31D2EE6557143CE
                                                                                                                                                                                                          SHA-512:16EF0B25088BCF3D80EE2EDFA2688C5F9906D1708FFD8401B258AE70D9DC16235C76C664053FD2A8E334F0477038B991EEFDA0D580B43E244988D30D832301D3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11186
                                                                                                                                                                                                          Entropy (8bit):4.547609129759251
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3156
                                                                                                                                                                                                          Entropy (8bit):4.80385659327207
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2220
                                                                                                                                                                                                          Entropy (8bit):4.8311463753103085
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4605
                                                                                                                                                                                                          Entropy (8bit):4.758962867009659
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9203
                                                                                                                                                                                                          Entropy (8bit):4.547491093106234
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9257
                                                                                                                                                                                                          Entropy (8bit):4.675180698058861
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4873
                                                                                                                                                                                                          Entropy (8bit):4.746641702829244
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2361
                                                                                                                                                                                                          Entropy (8bit):4.882092902880487
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyzDBTV1T1w:KogUldGcQWUDRw
                                                                                                                                                                                                          MD5:50B211F802E57ACA8AC9228EFC05D00F
                                                                                                                                                                                                          SHA1:28DFDEFC398241ACA453C5403716C8971BFAFBBB
                                                                                                                                                                                                          SHA-256:48180D35E367EFF46892D99E5BB05210F0930F87F1AB2EE12C9F642288E03836
                                                                                                                                                                                                          SHA-512:11342B69BCA766EFA30E8B496C50753FF52491B7AC81C5B1FC8EABF491FC16903A4634C7DD05618145B892D28A479B560C5459C9A72A357A50D68C5C81B0D87B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1224
                                                                                                                                                                                                          Entropy (8bit):2.750005367540721
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:sQt7sDDtc2RVkX0flUpZ3itKIcLw/WjyInIiSCg:sQt7sG+fl6liMtzj3PK
                                                                                                                                                                                                          MD5:9F80E2D3051600962B626AB5EF8AA1CE
                                                                                                                                                                                                          SHA1:1D626D50D547A97D3A7FEA4EA6CE2C9748CCDE14
                                                                                                                                                                                                          SHA-256:4BD6DD850BCD63023F08E7EC59D8A99BA784951918B4062D6D0F29F4ECCB4C0B
                                                                                                                                                                                                          SHA-512:714117B6E306CCB33A0857663FA608BC273CF4E948F402129293BD3C2FE932E3EBE02862200D7BD3809E9DD5A6CAEDC6B0DA3E005E99B90F44A630F0A934C3E4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4863
                                                                                                                                                                                                          Entropy (8bit):4.434798897264616
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nZafoM1fI4B2+T/GnW+f4mf2+T/G5+uI433Fz:KogUldGcQWVI43k4+YI4nvC74Kvf6
                                                                                                                                                                                                          MD5:B077A08FF6441BCB06AD98DCFA410D3C
                                                                                                                                                                                                          SHA1:5229A1B8BFDEB3A0C7AFC2A104F24952D4622906
                                                                                                                                                                                                          SHA-256:A1B5C975825B453C5A80F2C4969955C7C0AF5A71ABCB63AAC9FC1AB27D7BAA00
                                                                                                                                                                                                          SHA-512:9E01B406542F54B64C061D1A915A26F8E4E878F58890B095C1505AC83553341A19437C1D178175EB5A3D54093756AC5C9609522AFA7AA559CB91BA0683442F62
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2266
                                                                                                                                                                                                          Entropy (8bit):4.853909747945728
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+Qgz:KogUldGcQWiz
                                                                                                                                                                                                          MD5:2A576BBA1CF11537E15C0200137B8201
                                                                                                                                                                                                          SHA1:FA18251A1ADC02EC230E80F7AA9796C5813B0742
                                                                                                                                                                                                          SHA-256:B18E9DE9FBD7B7CCA9AC08BAAD5216C695142CDFCC41B7CAF37D95CD48BC53AF
                                                                                                                                                                                                          SHA-512:B961390C8A91269BEFD5FF71367ECFBE10E5D7D745716F32E7A168BE51FBEFFC1C8AB79ED7C23F3D9BCF142B4C74B8625530CDE4EE87D781F8FF3FB4DBF443D1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3425
                                                                                                                                                                                                          Entropy (8bit):4.8544567803873955
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyyU51hdC7m9WYW9ujOn7u3sT0IOBXybv5Urx:KogUldGcQWCy7mWnqVH
                                                                                                                                                                                                          MD5:4C1ADF18775AA9B85EA5E459596917AA
                                                                                                                                                                                                          SHA1:CF899FFF3DBFCD0603C72788A630930949C3D6C0
                                                                                                                                                                                                          SHA-256:E56F3BDCFD879C8693FAA9A279F059D93202CA17CA246D5D1A831CF00AF42080
                                                                                                                                                                                                          SHA-512:582820E357405A831947F0B5A1991EB49C65D280FF4AA2F11008F703E55156D6A38019C61CE6C1B815B716A89B6DD054BD5EBBD0ECA6DEA03EBF8375DFEE2D88
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12756
                                                                                                                                                                                                          Entropy (8bit):4.426522592087365
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGHOJLyyjiFX70aTrklQO6KaTYSY3E3XS/QoGmpGNlpP:RGPN70uy21UG0Gt
                                                                                                                                                                                                          MD5:38F5465E469F1713C883D1D7AE1B0929
                                                                                                                                                                                                          SHA1:6F2BCD3B11C9AE5D0A8BF3FDFCA854A022C6B555
                                                                                                                                                                                                          SHA-256:D7F4B886C50DD7EA6A54EEF48C34650E5ACAFE303B332044D3162BA1D8E96399
                                                                                                                                                                                                          SHA-512:F33BBF6278C21ABD4BA20AB3AFD6318CC6B5AC49BA06F49AFFCF077EDAA9462299249AC4DBE2C568EBA449FAF9EF084EF09FAB96D077A73184C363BAB389E2C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.889581868279411
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyBsa+HEMr8/AvWIzLoGIir7w/g5IY6XFdJ7vM/x:KogUldGcQWS1+FbQGDHj+Jvwx
                                                                                                                                                                                                          MD5:B2649334F094FB84301CE7B4707FC55F
                                                                                                                                                                                                          SHA1:5E098BD41BF4AA7061E078D25D462DCA67867489
                                                                                                                                                                                                          SHA-256:F989CC52662928AD96F2695C927AE7A9030716D2B8B32A3558DE48A71F368053
                                                                                                                                                                                                          SHA-512:7DC7E3553FBD4CD509DF29B7BEAF635320A0F014EA81B7A9732EE792F907126064D789A4C8529DE4AA893B2C764F26294F8B2B29EF93A6FEAC5B0C45401F8081
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7164
                                                                                                                                                                                                          Entropy (8bit):4.589750615977315
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5192
                                                                                                                                                                                                          Entropy (8bit):4.686492495072203
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8229
                                                                                                                                                                                                          Entropy (8bit):4.711477100285126
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2020
                                                                                                                                                                                                          Entropy (8bit):4.825477059078544
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4615
                                                                                                                                                                                                          Entropy (8bit):4.792962273105971
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5059
                                                                                                                                                                                                          Entropy (8bit):4.915575384873494
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1486
                                                                                                                                                                                                          Entropy (8bit):4.931489821141917
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls.Private..AbstractCheckable 1.0 AbstractCheckable.qml..CalendarHeaderModel 1.0 CalendarHeaderModel.qml..Control 1.0 Control.qml..CalendarUtils 1.0 CalendarUtils.js..FocusFrame 1.0 FocusFrame.qml..Margins 1.0 Margins.qml..BasicButton 1.0 BasicButton.qml..ScrollBar 1.0 ScrollBar.qml..ScrollViewHelper 1.0 ScrollViewHelper.qml..Style 1.0 Style.qml..MenuItemSubControls 1.0 MenuItemSubControls.qml..TabBar 1.0 TabBar.qml..StackViewSlideDelegate 1.0 StackViewSlideDelegate.qml..StyleHelpers 1.0 style.js..JSArray 1.0 StackView.js..TableViewSelection 1.0 TableViewSelection.qml..FastGlow 1.0 FastGlow.qml..SourceProxy 1.0 SourceProxy.qml..GroupBoxStyle 1.0 ../Styles/Base/GroupBoxStyle.qml..FocusFrameStyle 1.0 ../Styles/Base/FocusFrameStyle.qml..ToolButtonStyle 1.0 ../Styles/Base/ToolButtonStyle.qml..MenuContentItem 1.0 MenuContentItem.qml..MenuContentScroller 1.0 MenuContentScroller.qml..ColumnMenuContent 1.0 ColumnMenuContent.qml..ContentItem 1.0 ContentItem.qml..HoverButton
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2540
                                                                                                                                                                                                          Entropy (8bit):4.967394572082259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1976
                                                                                                                                                                                                          Entropy (8bit):2.820679200645265
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:7x3sRHzsgwD6oPrhgJ4NIvguvXzN+KMq4s:9cRHCvrdSgoDXMs
                                                                                                                                                                                                          MD5:80F232BCAAC7F002E70C78857751B4B1
                                                                                                                                                                                                          SHA1:CDADE6F84F269A98EB324404CB9C92064B679386
                                                                                                                                                                                                          SHA-256:555FDB6A54C6A7A3138A60624D8086636F598188F932E77DAB9CA86D7A74CB2A
                                                                                                                                                                                                          SHA-512:7D9E2C82932A53050BD65C40BD2D6624BABF65F9BDEC82642337E7E27EC2C287044F04241FBFC6CC49474CB4B9B9B3170F627DC40E3A2B0B1E7D904DE3BF84E9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5692
                                                                                                                                                                                                          Entropy (8bit):4.738243897802114
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWWRmW0U4U92YDF1DqkWtZH3WKzMff2sKpJW2yugqN:KtcGb0U41AFdqFFWrsgqN
                                                                                                                                                                                                          MD5:1C2CBE26335E931645073DEBD61D9DB9
                                                                                                                                                                                                          SHA1:31538AACA44E1E1ABB2E79897B5B5E6064142618
                                                                                                                                                                                                          SHA-256:4F35BC6258A283B250AC45BEFA9C6D69C49EAF4805D24AA987DE6F84A4D73E91
                                                                                                                                                                                                          SHA-512:CE95B37DA7DD8C76C226D6691D2A43FD2F1B21873C5FFF3E69857A608EEF4ECA6D56948C34E9F6A7B6CC289FACD12DEBEF602C1AA57697619D0FED94B9B70F49
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3653
                                                                                                                                                                                                          Entropy (8bit):4.812422684711833
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+2S1+B+bnnpRU0qiAVXGYqFgZ:KogUldGcQW5EdnDU0qio2XFgZ
                                                                                                                                                                                                          MD5:1DDD77CF9A6DA009A4511D17632747FE
                                                                                                                                                                                                          SHA1:FCADCAD31CC89DC9796267F0494A259F3F9857BF
                                                                                                                                                                                                          SHA-256:69751BF1401CD0275F1269A3FF1245E94C9AB6094B51442E84A0761742D12724
                                                                                                                                                                                                          SHA-512:EB9649EEADF38F04E96E7D0E1190A4449E9CB32F245CA190689641072EA5327C7603D482C8B40C845D4017619F3E34490B1FEDC9E96E0C8DC3A8ABC9A072FF61
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14604
                                                                                                                                                                                                          Entropy (8bit):4.5894561555109235
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGyKQr880auOa7pNgj4UTmaTq8HBdY9tZ0uhlLt/2YfU:RG9oupCj4km2qIqPlLt/2n
                                                                                                                                                                                                          MD5:14139C1D76D6FDC43BC9CE0626FD75E4
                                                                                                                                                                                                          SHA1:5C9850B3CCBEB8BF0C0EC8C2AE8AE6CC117D33CF
                                                                                                                                                                                                          SHA-256:5085D56222BC970808FECA1CA1634B095C2C6CCD6691F693C1EBAD2AB7EE030C
                                                                                                                                                                                                          SHA-512:CE2680818E338F2E1188E50BB22320C666575DCE39B363830E558DB13EABBC8F46859821C2BFC7F6462EF6CAA187C947BC440072FDB32F4BB6B6843BD24E7824
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12350
                                                                                                                                                                                                          Entropy (8bit):4.692219470832445
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGqTQlTeEDUlMQ/68WVy4yub3soZhIr/TozrTNVugO:RGWQbOQjconInx
                                                                                                                                                                                                          MD5:364F1C55898244523A4CFC7A5A47E28D
                                                                                                                                                                                                          SHA1:00BE015B1A64880302134B2F852A63D8803CB0A6
                                                                                                                                                                                                          SHA-256:3D8119887B0309D80DD4940BD8A70D1D21561EC0DB1C8AA09F3C295889C7F825
                                                                                                                                                                                                          SHA-512:9EDEA941D5DEB32ACE2149D4DBC342AB6AD95D04A01D4D4BA3C223ECDEAFFCD2917CA6F7ED209EE55D3150E9CE30B84D1CCE0CC5CF369BC0338D23906D2FA19F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13281
                                                                                                                                                                                                          Entropy (8bit):4.736074961181643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWUmDva2s68LsBaPsBaSDYacjm2cjmnMSnjz25tik/8NPIHZulFJfLjr:KtcGuSs6S3HCmhmnKcQIP+mZKFASRMJL
                                                                                                                                                                                                          MD5:AFEC2D213C2C7C3A6B84B499A5CA2FB9
                                                                                                                                                                                                          SHA1:DBC8ABED5CCE2D94519C8AA29C7CFA74D5D5A0E4
                                                                                                                                                                                                          SHA-256:61A59126588ED9D0A2AB0B769D618D6E346861DA8E955624BE3809524E81117F
                                                                                                                                                                                                          SHA-512:0BE1CC72A36954B72ED2D46663807F3936A5C45D2968662B4F8CE7652569797C08C25C36F50E88040361169BC609E3EBC1116EF802113F7341D3DEA095BABFBD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25742
                                                                                                                                                                                                          Entropy (8bit):4.445756629003457
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RGhwQLn6eY4Hx6IG+h4gaZAhaWQ0DbhbhdbfFLnLMg:RGWQLnbY4Hx6IG+h4qwWFPb4g
                                                                                                                                                                                                          MD5:0A46072C68E120C0E63205F062D93D43
                                                                                                                                                                                                          SHA1:115B66F2445640F54AADE7B9093878B36AF01940
                                                                                                                                                                                                          SHA-256:B500378FA65BE77A0F08FE26B771789D902591B0E46908B43B7AAAC80CE91788
                                                                                                                                                                                                          SHA-512:752AF4B2438DD3B711739A7AF7A7CB922A6E072CF3385087B9BDF7F9CCDB7F8D74333B8C5ACE4E0B92542488977FAB90ABB60138540B3FCA30BB7AFCD5884F99
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):43458
                                                                                                                                                                                                          Entropy (8bit):4.500096685351172
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RGL8UhiLrV6Zgk+bXhhfotIELfOYmcOklcCDmK51ZlShKoXL552LPvL0rZUawrez:RGLnMFk+bXLfpEBmK7Z8prZUawFSnv
                                                                                                                                                                                                          MD5:D8F78DED9D75F939807CD0219DCD15EC
                                                                                                                                                                                                          SHA1:AE9A0A606FC415E2CB4C330CB7912578C30C8021
                                                                                                                                                                                                          SHA-256:57151175AAC70463274ABCCBCF3E57E08BD4CC6E7C4BD96E3646D03D7C50766E
                                                                                                                                                                                                          SHA-512:502639C3352AF3038F68E6E2DFD81027CCA3610DDD69E75A7D08AFCD023F867C09786CCED13207B24555D10204B7DB27F411A5713844FE68C96138D791307A9B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3701
                                                                                                                                                                                                          Entropy (8bit):4.770409858757474
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9dpBWeHQEJn1ULlMybLv:KogUldGcQWWW7EXJyv
                                                                                                                                                                                                          MD5:74F5F0AFB5AD03CEE193AB7E63D8B0BB
                                                                                                                                                                                                          SHA1:F0A2C5F9D0BE87760E13C6B0C2460F00731B482F
                                                                                                                                                                                                          SHA-256:6935F441CC0FABE51F102F47495F61ADCED2A31C588A9C1C6D03620C940A0B3F
                                                                                                                                                                                                          SHA-512:E1BDF0F9371AC2C88A9BA9EB521BE892D1F2B2A957F12710261C64B7E827906E597094ABFE06421BF2967725313123842A88A0F055C95C53AFEB8DED8D0A8480
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2535
                                                                                                                                                                                                          Entropy (8bit):4.789416818924003
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy93ZNJGJLB9:KogUldGcQWfNH
                                                                                                                                                                                                          MD5:51D8B8E0D66D80736E6B6A0753BABC82
                                                                                                                                                                                                          SHA1:5BF685996E4DF8BDD9362047EBC9FCEA7ABAD68B
                                                                                                                                                                                                          SHA-256:14E65632333ED9FE15D87E138122E76CB942D5E4E0F58776EBA26CDB73953E06
                                                                                                                                                                                                          SHA-512:85DFF4D5367C4DFE0CA6969C8C0071B9550505FB813AAEAACD432E2B14F99D733962CC7E2F04F4C1C3870870F193EAED6ABCF826F3E3B4F1056A82D9163E7F45
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6358
                                                                                                                                                                                                          Entropy (8bit):4.63207579935174
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWdVBuWr3myXxjNcrt/k+2Ed9+f2TqUxr6+LnfMmunh+w:KtcGYhr3miNcryg0MHgX+w
                                                                                                                                                                                                          MD5:6299E07B7905A742CCC2894C4788E9CE
                                                                                                                                                                                                          SHA1:BB9EF4D0BD655ED6B1F93C9973B66FD6C6D3D08B
                                                                                                                                                                                                          SHA-256:A4200159ADA2879FF39D94ADA52C64E5D910DC7B3753438E8F9304BD3DD71A2B
                                                                                                                                                                                                          SHA-512:640C6579DA6DD05E1ED899E07A8E8694A761254C6EBC398E04328B4A38445EE03E315F148311DB27E791C4A7EDB268FF3D91793EC43EA548893CA63809DA97B3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5195
                                                                                                                                                                                                          Entropy (8bit):4.666594294196223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWCS3sdszCOf/6VtUjMlljMaH0vJ5jMaH0vGVjMaH0vA:KtcGRS3sdsGx6j6jP07jP0uVjP0I
                                                                                                                                                                                                          MD5:DE60DA37658B3737154C69D264F2A414
                                                                                                                                                                                                          SHA1:A3E96470B5F9F179F7086009E6EAC4F0DBD15BB0
                                                                                                                                                                                                          SHA-256:5A667DA03B77D4EF01D9A9BF9DCA168645E102B1147678741892B8E785EA6C54
                                                                                                                                                                                                          SHA-512:5C5C807F5800E29A8DDD9BE4C29C852DA1DCAB0FA313C107444F15A0B25927A622CCD952646D3D08230ECD699888FAE5AFE4146ABB4FA4ED3C811661775EF099
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6586
                                                                                                                                                                                                          Entropy (8bit):4.829492368514061
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWOsSehCnFssypmbzCjaq418gbQC:KtcG+OywmO9
                                                                                                                                                                                                          MD5:9A43A9C39DD8DC02F2706DC47397CFEF
                                                                                                                                                                                                          SHA1:DC9243A378F713EC44D95237DA4AB6F2EC69034C
                                                                                                                                                                                                          SHA-256:D02446470BA5CD51E390EE1B6F78080942B09974AD089088975795B55CE59DCF
                                                                                                                                                                                                          SHA-512:B60B7EBB41170948606C009CDB41B69C16A74E019FE8FA454B687284CAFC43548C9CE603D2C64BFABBEA536310137D4D4EB620EEF0D0481568698334402B1731
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4455
                                                                                                                                                                                                          Entropy (8bit):4.65121218543489
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+rSotC1acVZ3GthgOrwcax09uW/oXjtfZO:KogUldGcQWwScMcQOr3aSboTt4
                                                                                                                                                                                                          MD5:8CF3BDEB2ACB695085D110A67EF7979C
                                                                                                                                                                                                          SHA1:DCBCEAAE55E3D35C5B12828801796ECE274EE773
                                                                                                                                                                                                          SHA-256:88CC52B50EC90FB8DB6DD1CBA81992F329DDF4E2E2438742B6F68C7EE5EEF803
                                                                                                                                                                                                          SHA-512:8931D41A58DA4496D95F3FCA73D8F9A3BB48B62F89FC0727E60D4AFE863027EF34605A8DAAD594E4A2EFD238B9A908ABB7CE57A967AA71115BB318DEB15BEDA3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6821
                                                                                                                                                                                                          Entropy (8bit):4.653671475027472
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWl/SrB6D/0ka6G5MXv4+WENtyPqd9+DsSAT/l:KtcGMSrY/0p50GEiSd9+Dsbp
                                                                                                                                                                                                          MD5:C19019451C36D69BCEA15735A5C6E0C3
                                                                                                                                                                                                          SHA1:408F85FA900909FCD74F4487FDFF7E5F731D8496
                                                                                                                                                                                                          SHA-256:E3C05BF3247AE047991D05BD87C9FD8FD282BFA65371E8A36DDF3DEAB5C97FDE
                                                                                                                                                                                                          SHA-512:157FEE38A3E9A32B29347F6CEA19438526A527918BB2CBA7AD3F1AE1FAB07F24059D0B22F80A5131563114008609B510345F63FC50D8235E6096B83183682CEF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30093
                                                                                                                                                                                                          Entropy (8bit):4.072348356345042
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RGfLbfssWu9Vbt7xE9pZyj79vSEWO8l0bdAF1KQF3ZW:RGzVVpxE9pZAxVh
                                                                                                                                                                                                          MD5:D23B1165EAD1E7BA0C3E9B029FC9E821
                                                                                                                                                                                                          SHA1:7198E9B32A96C1A51E9A9B4E926EF6A967329CC5
                                                                                                                                                                                                          SHA-256:F36EC8A4ED40596A341E7017FBF13635091E8FA8AC8F509721706A9DC47162D2
                                                                                                                                                                                                          SHA-512:F7C8872C9B34E8FE04678C57D79C026EC6FE4E83FD44BC0CEF950D5DB960DC4AFACA4AE95D2D233FC2C887E594CF349BB3E1B0971191D22EBB550F02DC183C47
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7275
                                                                                                                                                                                                          Entropy (8bit):4.597937185580846
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWa/SubfmjxiSPM/S7n2iCZJ/49+DYAd/Beg:KtcGVSwBBSr2iK49+DxDeg
                                                                                                                                                                                                          MD5:DAE47DA5A7E22AA82B3E22F17A99F0CC
                                                                                                                                                                                                          SHA1:90C208B5A84BC44C2D9DDF09FF8A6803F0650368
                                                                                                                                                                                                          SHA-256:4CAFEE3390640EBDBC9BFC21BBD55D63905B5C293237EE0B5FCD2596D875A4AE
                                                                                                                                                                                                          SHA-512:F61F1FB74F306A47F05048A78ADFBB67B27C69F15D8CE8CA8324F4248AEAF1B41783F46A06182DD129AEEFFB74190745751FA6BDAA2A7AEA76C31F12AC15824A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3387
                                                                                                                                                                                                          Entropy (8bit):4.843527940418129
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLBO6E+iCshVKzlOWGf0hEVufy9nGxGlDSbNajeItbiHoWd:KBgUldGcQWxbNieIwHR
                                                                                                                                                                                                          MD5:8717284E7E0792578D0C07FDA27CBF23
                                                                                                                                                                                                          SHA1:233513A280E3C66FFE5DFDD69ED4107B4C21E9ED
                                                                                                                                                                                                          SHA-256:C230F37E94B347033B9B1D230D81D2DB5F489B68DB7E776185FD6FF1569758AE
                                                                                                                                                                                                          SHA-512:9A59DC02A2109DB9733A26A4E0172D81E35DBD7A0B6E904309671CCC603A65D6AEFD65BC799B3E9D6F6B777922E52CBA14777CA800A6D38402E7FA77CE8A5CC7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18599
                                                                                                                                                                                                          Entropy (8bit):4.600615740536773
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicG3STU3ybV3l9xvd3Es2BZD9PU+s2BZD9WmzKIOQMdLhI3sqfZT3pMm7pS0jKL:4GiOybV3pvGTtiQfOlZucMl3ykFM
                                                                                                                                                                                                          MD5:1E92C54FA7DF591A934D8CC08B4CFBDC
                                                                                                                                                                                                          SHA1:DC59038010B9F618EEDB763B92E84DCE498E956C
                                                                                                                                                                                                          SHA-256:5DDD459D0E56F42672CA239B5EDD9650AB442B5F9D62105BDA19790B22088209
                                                                                                                                                                                                          SHA-512:FF0ABFC326137546EC76E4C80068B4C9658941FFDC7A2FEEFFDA717D15F787D148B28A8CD1BE56585DCE4D11736DC6CB7F01ED4246158FFE0238655841963095
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13701
                                                                                                                                                                                                          Entropy (8bit):4.405540423788938
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicGJwTavAQY/9eQTy6ig/uKi/OJzU7A4gUcvoaMZ:4G+//bhigkozUknk
                                                                                                                                                                                                          MD5:77AB0B21EECAB36BFB4D322854CF7F43
                                                                                                                                                                                                          SHA1:594B85BE5FC922B89C114B258E11D9E42C9620E6
                                                                                                                                                                                                          SHA-256:7E582CA7BAD41DBFF72E53F821FE6C5F92B619A883CA567386D08A2A692195FA
                                                                                                                                                                                                          SHA-512:FBABB02AFE10ACD4CCB9303AC70B3D22FE97BE3EC6CDF1099E35924676FBF70C0BEC4860BE8113D228C1A3B4A06AFE7EC9474D4C426075CA237E1AF8518830B5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12375
                                                                                                                                                                                                          Entropy (8bit):4.601679376476698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGqSNWa0XKg5gzwCpjfVEsxd9CDMISxvTwg+v1COCNoOCOCc4:RGlGXKg5gMUfxd99Rw
                                                                                                                                                                                                          MD5:0D5F83CE30836BE4CBDBA1B5B0FA77B5
                                                                                                                                                                                                          SHA1:D8169FF72B8D0B64E81EE10EED5342B95259B0E1
                                                                                                                                                                                                          SHA-256:7EDDA00F6848787DB4BD38A04418D2F99ABA26D4296AFD67A3F67ABEC30C4949
                                                                                                                                                                                                          SHA-512:1ED61C158622739CFD6CDBE79F2162884DB920FC01E5D733ECB8AE1166167B65355538AE7237BBEC029C1F6D6267350E40E1723441FD70BB0E2136817EF58659
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2688
                                                                                                                                                                                                          Entropy (8bit):4.94846948198866
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLBO6E+iCshVKzlOWGf0hEVufy9ZsV9hF1tgyTbb9f9IK:KBgUldGcQWX9JtgubR9
                                                                                                                                                                                                          MD5:8FDB08DC6713B34EB276C2FC503CC84E
                                                                                                                                                                                                          SHA1:5CCCC4CB7AF003671B694BB3C3CB2D75744B6EE0
                                                                                                                                                                                                          SHA-256:75FEB7954038FC605A7A111592C16B83286716E4FD509615FDDC2419FA7AD98E
                                                                                                                                                                                                          SHA-512:F17C7EF0A50A4843B2A645069E67966266EC134EE5CEF4C41B2790DB9EDC44C3E815639395A7046B8A5E297BE083AA0F83B7FEF0A7333B43FD77FB3D10015752
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7477
                                                                                                                                                                                                          Entropy (8bit):4.457964454713401
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicGAS+yVHrMW1TmEmCrFUCz8Itym6kDQbp:4GDRBr3mEmC5VyvF
                                                                                                                                                                                                          MD5:DD14E449040774CF0F8C297ADA0BB230
                                                                                                                                                                                                          SHA1:33FF12A501046315450A488B3CFA9C360D7F766D
                                                                                                                                                                                                          SHA-256:734198AE9B68B20931073ECEC580B3924006A40212A397A26854ACBA3C60D08E
                                                                                                                                                                                                          SHA-512:E984BE5ECEA7260D68AE277C0A6F7EA5252B881B5B9195D0FF7BA7A7530E0691A77FC9A6A5FD9158B3D2D3706FDDE2D4C2B9A64A6607B7CB51D7C017CB9199C9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13309
                                                                                                                                                                                                          Entropy (8bit):4.641284565398556
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicGjStkxvChpI1QjdAfKRhqfIWvw6/aJCiD2pp5opxj86L8PbWv+IzU:4GGAvn1c2SviE6/pkjfvS
                                                                                                                                                                                                          MD5:C9ECBD290C4D4AF10D1F16652064D786
                                                                                                                                                                                                          SHA1:7C967C254D293CC4D2ED5667053C02762A7F466B
                                                                                                                                                                                                          SHA-256:68D38C22B76E28D994B587A9EDDADCDF87682A0F2678551FE67B68C737107B4E
                                                                                                                                                                                                          SHA-512:A1887E899BA983050F84882F4BE70CAF055F4F945E7A7A91E864CCA95A55EB25B15DD4E97CDC2F7846A38D3994F23DE7323947B9AE50C7CCB5B063105AFCF670
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2195
                                                                                                                                                                                                          Entropy (8bit):4.860641581432451
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9C2RE3P/z:MLoO6E+iCshVKzlOWGf0hEVufy9nC+2
                                                                                                                                                                                                          MD5:AD01AD6DE4CC26FA4270567AC67899BD
                                                                                                                                                                                                          SHA1:4504EBA68FECEB61AE5805AF8FCC9E8F46813368
                                                                                                                                                                                                          SHA-256:4A6FDFC1C81341D6B4127DD76CF30A46CDF1EA080156327C641D93659AD10E4B
                                                                                                                                                                                                          SHA-512:CC463C14BB9B6321B9E0B3B5F9864CA29E5899D8054CFDFA2458AB3FA5005F470EEBCD87FF3278718D1CC7E15C0184C81776D3C650CF9A0A49F2D209B998AA3E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22836
                                                                                                                                                                                                          Entropy (8bit):4.299447926284382
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicGzSPBjuH5kOOqqOipbNpymTjDIkE6ypij2RsDPjdBfNDL9+:4GW0gJ4EdEdYjho
                                                                                                                                                                                                          MD5:7C3C99E2E1F2D6D7AA20BCEE398DA6E5
                                                                                                                                                                                                          SHA1:146F9AEC406A1C8921608C42399BB8F07D5A4F95
                                                                                                                                                                                                          SHA-256:47720FB3600A64E782D23C316B88E2A0B8C04DDB4145C4F3FC715C88E5C4AC58
                                                                                                                                                                                                          SHA-512:578F5B75B7227138994066997E79A0DA7473172220975AC9298C58CB4CAA6C32DE484AB8A01235F374C80882B85D114324D7AAD20F17BBFB417EAADA4C5E3CD6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4956
                                                                                                                                                                                                          Entropy (8bit):4.6040064729782575
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+/GZg3EQ4UWgqk3DJCHB0YpD+0mXkupan9N:KogUldGcQWgG++KvzJu0O+pkXol+1
                                                                                                                                                                                                          MD5:551C67724C444056F370802198A7E5E9
                                                                                                                                                                                                          SHA1:E87F2AF2D3DB8407A3E467B613191C9C268FBB41
                                                                                                                                                                                                          SHA-256:A87CAD5B0BA3FE0E67F183EE47F33B0F92E733ED3150821C0DE76D8AD7A3D664
                                                                                                                                                                                                          SHA-512:7CE6B704CE5B36EB2A88ECB77CD86EADEB9E6B579412E657FA94764B04E2BA4E9F006B0089DE1A4587DD925F9130DD4358541FF40E26922F369FDCC06FE72B48
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2849
                                                                                                                                                                                                          Entropy (8bit):4.799975439686825
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLBO6E+iCshVKzlOWGf0hEVufy9nfAerCvgC/5qs4pn:KBgUldGcQWXLA
                                                                                                                                                                                                          MD5:4F524B56A3AB03D69866D757F7789BFE
                                                                                                                                                                                                          SHA1:18329971CC6F7DFD0620FABCB68EB5A14C3D385F
                                                                                                                                                                                                          SHA-256:0C49EED4E013CD6D921A73A362AE0B49288C91377CB1A6FD1D9A3C1A79DB78D0
                                                                                                                                                                                                          SHA-512:67D1E2D8E1AF463C850B672121970489A9FB19C6E1ECEC278FE7D40FE8057EE6598B2CE87DB9F1B11D633863E704C17C1F8CDB5E360D040AE3842008208DC3AA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3955
                                                                                                                                                                                                          Entropy (8bit):4.902843047893749
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLBO6E+iCshVKzlOWGf0hEVufy91Bbyx4leoEB5wPCLXmic0uV5llN7Dmic0T:KBgUldGcQW4Bbveoa5wPKc5B7DT
                                                                                                                                                                                                          MD5:518B479E244913265C2805AA261295E7
                                                                                                                                                                                                          SHA1:6CC7C85DED85CBD12067D469040FE356FE905147
                                                                                                                                                                                                          SHA-256:08B3432BCA020144EEE63A8EBA54FCD9DE6ABAD39368E316EA5EB3F627E8C113
                                                                                                                                                                                                          SHA-512:D1C05E98F2615F6245767CC03D8368FE605AE50DDBD19C3F3DFE894BE26ADDB4844944B7207B417172DFEC561FD2EBED02E4B52199A414C31BF63525ED6E5FBB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5266
                                                                                                                                                                                                          Entropy (8bit):4.7800368857594115
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWLSSQ7FUtyV0zZnr64Hlvsy3A:KtcG8Sp74y+zZ79w
                                                                                                                                                                                                          MD5:72E9D9E9FC99FA5DE5157CB65CAB7F49
                                                                                                                                                                                                          SHA1:8D973BE620F3BB6DCE39165DE53C2791907A8D14
                                                                                                                                                                                                          SHA-256:10B0380B7358DC7AD70A5DA292BEE8278A7171249C8E6B64DDDBDC4D64D6885A
                                                                                                                                                                                                          SHA-512:76AFF6AB7DE904EC73CC05DBFD7B76992CC0051BBF5CAC563883C6D29C4BAE47D21BD5B11063D2292B06772BE55D7C7974E698A155931FAF403C30471C5A0CE3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19028
                                                                                                                                                                                                          Entropy (8bit):4.517836433157375
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RG3wzT7/U9hj3mJx81JDleATgJxKmgGTuNBb6v:RGgzT7/U9hjjeAEJxJ
                                                                                                                                                                                                          MD5:FFAAC9E0AA74D8288693E93C3D535183
                                                                                                                                                                                                          SHA1:0D8F124B31CC2CD66B769A0B462C3C95D7F6E7C3
                                                                                                                                                                                                          SHA-256:89F8F0FC50908E19EC2ECFD39AC53663E95488812E8B05966184E25B1139DF11
                                                                                                                                                                                                          SHA-512:B269B9F9B6143835A6F2A8B36C3560C545C8AAD6933792714765EB9ACFC38A2240ED660832338613F836B5B7A27814B0839BAD433D6259E0D6030C56EB3DE06B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13619
                                                                                                                                                                                                          Entropy (8bit):4.526104451067634
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicGPST7AttX6JwMo4n2j6CMFnA0HxogPyXccLZV1TSSEZE2qdBQBKk3ThdR:4G6HxfVRJWX1TSSEZEpBQBKc
                                                                                                                                                                                                          MD5:4331645D90F0E38D2486BB5B2C1E402C
                                                                                                                                                                                                          SHA1:BD5548BF8894E5BD20253A691E756A4702CAB0C1
                                                                                                                                                                                                          SHA-256:2E181DDA4E3BE6B21B5141C7B235E93FB25EAA54D21FB3038BBF861C9B445306
                                                                                                                                                                                                          SHA-512:D1337FB0148808E24FF0BC9AEADDAC4837428DB896830A7092078B128B5968DE59E4CB7244AC28632F63540FCA821872F526B23CBC778624DABAB81B6E981346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9671
                                                                                                                                                                                                          Entropy (8bit):4.398147008349299
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGfSf6PYKu6KmdxGjeSunJPqvGeOuJ41jHkPx:RGKygzinJPex
                                                                                                                                                                                                          MD5:C29EDE2738CBEB5AFCF438CCB0AC5D0A
                                                                                                                                                                                                          SHA1:D71DEB3F6FB577FABCA903C22EDEFCE9082EB284
                                                                                                                                                                                                          SHA-256:D3FAAFA6630BCD03E81DDE2D87486CBCD0C4A5B20785C74342F37E002B65A2AF
                                                                                                                                                                                                          SHA-512:8D6E88B5B1AAFA8558C17E365F95C51C0E063D6DEE1ED12BC864B3AC5D370F4AFAC71A20F16751AAF130C991D57F9295B567AD7618FE87FAA7C3EF57202374F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6421
                                                                                                                                                                                                          Entropy (8bit):4.608996006455668
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWW/SYUpuj3wPSmnEJqZJ/49kGAd/dR:KtcG9SBE8xnEJy49knrR
                                                                                                                                                                                                          MD5:D03303AF79AE603CFBE6876482F053A8
                                                                                                                                                                                                          SHA1:C8F44F484B05C75B8D081B89BEA1703BC9713E99
                                                                                                                                                                                                          SHA-256:A5A0081052F3AE4C8D97472CA1AD6AD67E8C4A05758143CB18CA8E99114DFBAA
                                                                                                                                                                                                          SHA-512:BDCED49DFE5E8F6C9DD00C432EEB5643C81352ADD3698D683AC9AB2440C4942941DFAA253BFB9C492A4B8BBD7E5D9C5A75A046B88931552218565AF0E4D154C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17548
                                                                                                                                                                                                          Entropy (8bit):4.574607698856005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGfSi2rZovoKAZCv8pbLGoTR9uDHmnuwPxmEaTjQe0RJ6jGHE:RGKVUlAZs8pJR9uDHi14TjQHRZE
                                                                                                                                                                                                          MD5:96833FE6D42FC67244982F05C244788B
                                                                                                                                                                                                          SHA1:0469818E36FEF3B4F009E7AA79A3BFC183817B35
                                                                                                                                                                                                          SHA-256:8E89154CBF7946D7655149B7F6AED77528C95A88F3F7677C2D1579DF9A3DBDF8
                                                                                                                                                                                                          SHA-512:F5D2A22D5621DB4E7DE9CA005801A16507C8271568F8F9950B04E76CF48BDB159854854071E05FB727BB96ADD1D927C6290C7E8C7107516A872F58F0315282ED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9011
                                                                                                                                                                                                          Entropy (8bit):4.524730875753044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWw/S1DvNkmF0vPwkGO+YCd19MznVXwznoaHFl4a3PkaCAc0rJ15o:KtcGpS17qPwJTd19inV8n3L52
                                                                                                                                                                                                          MD5:683EF25C8A8FAE7C5C6ED4E90F6638AD
                                                                                                                                                                                                          SHA1:8C81D572D01C9C7A9C7B1B871BE68576812F6447
                                                                                                                                                                                                          SHA-256:2A7D2BFC834A4A902EE60361A669355CDA0E401823F42137B83504F97BE0723D
                                                                                                                                                                                                          SHA-512:D334AEDEE899EEEC7AB63A837F71DB23C43A6FCAF0D768B71CC716BDAF9F3AFB8D81EF98CE037C77DC61B07CFE4F295DB1E3FA0257F79464C325FAC140C2602F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9683
                                                                                                                                                                                                          Entropy (8bit):4.650784716910415
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGAS9ZBKlV06nI8IgD7KCOCNoOCOCc4:RGD9qlVs
                                                                                                                                                                                                          MD5:0FD415924CB1244BAF277FE75A81795B
                                                                                                                                                                                                          SHA1:446E5BAAA1ACFF2D90397226741A8C49E4572B7D
                                                                                                                                                                                                          SHA-256:C92EA6D633E4B5CB1C2B547096D67AAB6476A9C7493ECA9773835A2FFA4E22F7
                                                                                                                                                                                                          SHA-512:2D55EAE74DF7E2A5C0FF73A0A94214F3AF139ADFE7D28B84CEB21C181CD51C53349C082E372048D58157AEE18ED653E5BCBBCD7735FEB4A604B309A0C334EBF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3884
                                                                                                                                                                                                          Entropy (8bit):4.638852057422492
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+CSNvd4asGbViYjJ4:KogUldGcQWFSca3bpjJ4
                                                                                                                                                                                                          MD5:D7CED5BF6D92DE149E1784EFEA96EB89
                                                                                                                                                                                                          SHA1:C29645EACB257B526A17F921B4D19463AF3382B6
                                                                                                                                                                                                          SHA-256:E9C144D88DAB0D146F3B32023313BE166BF4FC73E589F4143F4417641789F3D7
                                                                                                                                                                                                          SHA-512:4F0D7F0B447CE10875D60C2EDADA25B9864F9F9F38005C66D45531822927B93FFC6447BFEA7BB3268DC748901F53D3496B39C004B1DFC8160614AAA4A5E2A14C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9088
                                                                                                                                                                                                          Entropy (8bit):4.501823834100412
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KBgUldGcQWVuSqw1Q8aDFxHfI781cOMKjhKhqfaLR9XpNqgqgH/mOVGOsDMqRZd5:KicG9ScHHf51cAhKhqcR9Xp+P1B
                                                                                                                                                                                                          MD5:10364A6BE9565F48A752A82424D221AA
                                                                                                                                                                                                          SHA1:D33E7D56A711AB8EC4F4776A948F5518F3F49A53
                                                                                                                                                                                                          SHA-256:50553CE68ADB869229ADE37DE56D3517947ECA4A2C0098A0F3F765329A66EB1A
                                                                                                                                                                                                          SHA-512:E6E278AFD9E9304693B341128B3E6B995438034D955CDBEBC039CA2FEBAEF4B1ED426E86E7878A0E1FA0F7210D91663E890F3F0D596A7CE5475C8ABE6139BE7D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6038
                                                                                                                                                                                                          Entropy (8bit):4.651338885566638
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQW6SU0ivWUa0fjra3HDT09IAY5ACDzZZ:KtcGjS0WoyiJCRZ
                                                                                                                                                                                                          MD5:FFB5F8291B67A3FC45CB766FB5401269
                                                                                                                                                                                                          SHA1:0EEFD1249ED80A0565635814FBFB856F02D8B73B
                                                                                                                                                                                                          SHA-256:56F01C435E5BD0B6ED7CFF22B68651AA2CAB6018956284E97220F6BA46C47333
                                                                                                                                                                                                          SHA-512:BD77FD4211FB1774369F7F209B0AC8CEE392B6F604CAE0B493C5505F24F3256B30BB6F2989388AC3B8C15DDDC9738A00378B758117DF4B915D69D631CC88EC55
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7770
                                                                                                                                                                                                          Entropy (8bit):4.62722489903996
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWHCSowyJ7pSQMBd+3X1yLv58TDjFLfoD:KtcGnSw5uCnQL2DJLf0
                                                                                                                                                                                                          MD5:D3E41A7DFE95B0183D16B0DDE4C29217
                                                                                                                                                                                                          SHA1:1E805515B389ED9DF462E58151DA0D2023E96464
                                                                                                                                                                                                          SHA-256:A5311934501B5029EE2BE2F6B75B00E8920EA05D0E96776FAE2308A5E955B200
                                                                                                                                                                                                          SHA-512:3FFCBB2087A9835BF3F9F7DD95EE4699E7BF7145E2F84EFB146A044144479B8A7545577C4A14623201EE9B7B43B23F5F37C6494EA6A2A265F0D3952485D371A1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2116
                                                                                                                                                                                                          Entropy (8bit):4.845502592991123
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9E9DsK2n:MLoO6E+iCshVKzlOWGf0hEVufy9E1sX
                                                                                                                                                                                                          MD5:C4442C528418356C4115FAC8F196E0E2
                                                                                                                                                                                                          SHA1:213BC47F6348B8D47672340BF7A510333667CA13
                                                                                                                                                                                                          SHA-256:8E717245351E3B2D37EBC2F86A21BE70DE1F23E400C4D87CE7F5FA5F7E15C9BB
                                                                                                                                                                                                          SHA-512:F4683A52E0CAA6F768AD89CB60515BEEDE6E9B3C82F4E2C9EB60AEFDB78117234016768EFAC93DE63D8004B4422616D20FC7DF1B5416EB171849531A8455311E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6192
                                                                                                                                                                                                          Entropy (8bit):4.708157783383541
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWESXxAygFMCOXyNoLyCOXyct:KtcGxSXxApOCOCNoOCOCct
                                                                                                                                                                                                          MD5:8C8C3A28F50309394B4688ACA4F59612
                                                                                                                                                                                                          SHA1:8B7F68738C1F942FE4B610054F4D57DE636AEA27
                                                                                                                                                                                                          SHA-256:F9D62727679FFB17D42739D59F0F5198C24650649C01CF0DC124EC413BD6BADC
                                                                                                                                                                                                          SHA-512:ACA39C177EED0F4E29AC2060973719DA681E1F345E969AAA0BBAD20B82929286C83584409FAADF5BCC75C857474DBF096CB981F380859E09E8CA297882455303
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8423
                                                                                                                                                                                                          Entropy (8bit):4.6776172765953845
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWM/SRYv8/SNU+gEClouvAH/ARII/jYlPbDPMCOXyNoLyCOXyct:KtcGXSg8KW+B7YRI0MdDkCOCNoOCOCct
                                                                                                                                                                                                          MD5:70657CB2AB96E3A4FCC0C1AC76F19C77
                                                                                                                                                                                                          SHA1:E777DE5D90103D2E607AC2B32F09347D28A49DDB
                                                                                                                                                                                                          SHA-256:ED6D8C14FCEFF917C6EEF857723B8085F444A456B95044A01DB65A9E0202C8BC
                                                                                                                                                                                                          SHA-512:1D3AAAE1EC01AFBC588E99C37CC4C7DCED8B68F2BBA3385A973BF2F9ECCEFF761E4898AEAEB00A0C6438746B88685C93FD56A144A182B558DEE2FB0EA5DF1F35
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10258
                                                                                                                                                                                                          Entropy (8bit):4.560115668765665
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KBgUldGcQW+S2VLSjsLnLG7+hNDMO+Q99Orr+MR4GmwN7Ghw2FNJ/6kDsSAT/l:KicGRS2Vgszi7Ih+Qmrr1EN56kDsbp
                                                                                                                                                                                                          MD5:6C045E9D4AD44B2868CFB552F60828BF
                                                                                                                                                                                                          SHA1:B8FF107C21CA58A23F3D849C625D269DF2646124
                                                                                                                                                                                                          SHA-256:49EC038431E24C713F223054DBE5A9D8D4106D785F5EE2D108B5FC7103C4C0C6
                                                                                                                                                                                                          SHA-512:6691A18B70C835A43B4B23095B31AF82BCCF0466F04A6B2FB6A3685A4E0F659AEDACFF53340B440500216640579B4DBBB566D28977655BA62387F23C2082CBE3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4448
                                                                                                                                                                                                          Entropy (8bit):4.635039369223241
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+SSVvj54cPQXJ5Vv2X4szt4fjFJZNnGeY4:KogUldGcQWlS0c+5/K4h24
                                                                                                                                                                                                          MD5:BE7A015302F2FD4F7A3851063C5C97A0
                                                                                                                                                                                                          SHA1:B412F4522F28BFCC30A59BC2283E773CBF64FDE5
                                                                                                                                                                                                          SHA-256:82D476FD3675E5F4AAF622EF0211835D859FBAD6E718FD5F100E9AC328EA4A0E
                                                                                                                                                                                                          SHA-512:46D3E7AE4B6BFDAD98B867615308801E590121AD78BA2DE5A2418439D9887E3075B5C24AE77C45A99BC6883B42A5979F26A24D082F65D1164391955F3100CD8B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4334
                                                                                                                                                                                                          Entropy (8bit):4.665613385293802
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+j+DIypJR9gXxXOXjQ7i1eipD+BrMX+sf:KogUldGcQWi+DIO4XxXujQO11+tMXTf
                                                                                                                                                                                                          MD5:E6F68E889EFF0EF731F480A5FDE7D338
                                                                                                                                                                                                          SHA1:8BE57E64A6B9F620E132B88E2CB363D94AAE3696
                                                                                                                                                                                                          SHA-256:195B734636F3B55789CC07BADA134D37AA256BE989D4BDE8E10456C598DEABF0
                                                                                                                                                                                                          SHA-512:D3F7DB5F8C64E07A2B764AD9BCDCAE6833B62F58ECAD81C88E9E2C413E4CF641EF3F334392972B8559CF0455154C1038AB21E267D25398510B297128093143AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2813
                                                                                                                                                                                                          Entropy (8bit):4.866384722770099
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9EM+suBXZ8XOCNI:KogUldGcQWau
                                                                                                                                                                                                          MD5:B6069EF62D8936486E3C0C6892B302AD
                                                                                                                                                                                                          SHA1:84051674AAB7B3A78B09980148B6923737CD55F3
                                                                                                                                                                                                          SHA-256:838C9D6873D47CED64C308981E88265F2CF80F42540B94411B28C3A5EF930349
                                                                                                                                                                                                          SHA-512:FF30D8E3C85C7279D325D142CD16C445E21D97DA06BD9FEFA24A27675E6A5068AABC7F0953FB328994F2F0CA7E3466DC5DF274141166CAC544A3FAD010A30149
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12873
                                                                                                                                                                                                          Entropy (8bit):4.629428348660201
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KicG+pSto6U19Emc9W5gZddj3fQSiz1G6BrY4OY4Rwdr27rF:4GJeV1GWO/djhizI6BVOXg23F
                                                                                                                                                                                                          MD5:5EA000E9BF0E1CCCE4233B9BF5AC8916
                                                                                                                                                                                                          SHA1:811CC28DB468D3B5B5FFDE90E27EAE874B055372
                                                                                                                                                                                                          SHA-256:D23A90DB1D8B0DD7E49F7F83CF9C8BA510B2A14125A452F222F82068822457AF
                                                                                                                                                                                                          SHA-512:E79AE8E19F7C13E0FA744BE2E97A9C035A41244FEC17A915919544B5D193CA193831D4C0EC79F357A60B5F36A0E563F129CBD16B35313AC26BDDF839D7DA8CC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 7 x 4, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):99
                                                                                                                                                                                                          Entropy (8bit):5.3926034695973195
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPly7tJXzRUyxlXsV7Xb+khWmj/mleup:6v/lhP8HUy8xPhLm8up
                                                                                                                                                                                                          MD5:9E26601B6D0263DDC931B562739789DA
                                                                                                                                                                                                          SHA1:CFA26B6B614F9434FE8CF4C332672F6A99F1E030
                                                                                                                                                                                                          SHA-256:0D0F06D0E93C8A2F28DA6838BB0BDC9B46DC79BBF0876DB9DB7DFD86B133CB9B
                                                                                                                                                                                                          SHA-512:198CF67FC584DB1953069D3BBAF7B5011B8C8A4766212DC22FD1F1C28BFE577102B53A31AA6BACC060FBD3D2719720CF61D67850975067E91DA2A09D956DF905
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 14 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):138
                                                                                                                                                                                                          Entropy (8bit):5.913104986410572
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlZLtsSp/uugkuXrn7hd94lVF3G3psqA/75dp:6v/lhPGSp/uPz7L9Ke3te75dp
                                                                                                                                                                                                          MD5:2A3FA1EC3B03ED9B5FCF208CFBCA80AA
                                                                                                                                                                                                          SHA1:44629674E7BEE50279125EA993A253FCE734B3C5
                                                                                                                                                                                                          SHA-256:B78BA36EF95DEBB02D5216BC9A2B92F6A9EA20AE90D3985EB44829A358894ADA
                                                                                                                                                                                                          SHA-512:995E7BF9BBE1FFEFE0FF8382AF49721C493D71E4CAA4551C3AE05D13C3C79C17EA10066683310A8C3CC68DBDF5F7775AAC58629CF17E98F250F9FA0DF74393A4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 4 x 7, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):98
                                                                                                                                                                                                          Entropy (8bit):5.206412870756318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlJ4tJ6JYMsA98MCnAFttpTSQ0OoXB1p:6v/lhPst0JYMs0fpSOojp
                                                                                                                                                                                                          MD5:A2D915B434E9F0B76330C66CAC462E93
                                                                                                                                                                                                          SHA1:552A2047B07A7E4394A43ED34CAA1C4CF170809E
                                                                                                                                                                                                          SHA-256:E3EF46A5A48C488F2AF7E46440E28CBF292A8E640144DFCAF896682409994C1A
                                                                                                                                                                                                          SHA-512:825EAC978A84893C45F886EF947D4435DDAD7065C0783E9F6203C39DA27DA225DE64A61BABD550D40CA892D42B21CE79A8203D427B6E8B8DE5C7AB1374CB3E8D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 8 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):139
                                                                                                                                                                                                          Entropy (8bit):6.070522563629401
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlvfD4aFLzDCO6xdhMHo+cGaauHo28ydQeup:6v/lhPeaFLvC9R+cVTI28+Qdp
                                                                                                                                                                                                          MD5:34CFF14C6287AA225F809A2B394BE44E
                                                                                                                                                                                                          SHA1:7B5C7F8A2C484D118E958CD9D366CA95FFA01B6F
                                                                                                                                                                                                          SHA-256:C5C3D15C8CA417E66569FDFD69EDE83F6A9F338524E55C21FFD86F11880E4C8D
                                                                                                                                                                                                          SHA-512:05A19D498BFBA572CAC54048BA7F4C6CDE7D3FBFCD0EAE6BBD6C344A3AF56BE128DF7E06C95632C24752781708515ECA7C775D0EA9E705C700215B8B81A6C1FA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 4 x 7, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):99
                                                                                                                                                                                                          Entropy (8bit):5.230333101040782
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlJ4tJ6JYPBxldLmKXEUvsjlkojg1JU/1p:6v/lhPst0JYpdKKXEUZojg1Jcp
                                                                                                                                                                                                          MD5:1480A736DFBBA89EF423FB99829C8C30
                                                                                                                                                                                                          SHA1:58327CF559EEBB4F88B193090F5F7E528C0835AC
                                                                                                                                                                                                          SHA-256:ADA31CABDF339314064F905EB072A0895EC07232E8287A9A22BA82A34FADD378
                                                                                                                                                                                                          SHA-512:AB4AEB77294EC83484A4352D8D51BAF7A41ABFBE3C940F7BA9A04BC6114FDB6DF146FB5A40F1A47D903DFC46C5641A9FF09DE632CC2B6E950D82FE5A8DA6E3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 8 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):148
                                                                                                                                                                                                          Entropy (8bit):6.179148904370533
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlvfD43Pl9k0yonHpjv9cl1n2KWT7D3EutkXYJsg1p:6v/lhPe3Pl9kc9HrVWKp
                                                                                                                                                                                                          MD5:32BF30A66C6FF87ECDDDBB59D974FEE6
                                                                                                                                                                                                          SHA1:4FB8DAC785E763F3A629497159EFC6AE94455625
                                                                                                                                                                                                          SHA-256:2007018F329B461364A4E038AD5CA032152A3D25B06394D32E1BA1EDBF2DC27E
                                                                                                                                                                                                          SHA-512:D374181CEF3B4D66C599FD9CC12BBC12F161CD1B5EE4FE2516CF9872280ACB914116C4EC896A180C9B0C6BB879B516E183FC9CF3DDB159611417A4A17C617971
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 7 x 4, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):112
                                                                                                                                                                                                          Entropy (8bit):5.6716991238441095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPly7tFfJ2Exiy9ofXhfNy4hZYDxDJnF2g1p:6v/lhP8xJj0tXhfNy4PYDxVF2up
                                                                                                                                                                                                          MD5:BCBBB04747E7558F52BC6D92574201EC
                                                                                                                                                                                                          SHA1:29FECA33E341D21367DDF0055E016377F2A758DB
                                                                                                                                                                                                          SHA-256:D06DA849C008079507F4951696C0C049D080CBCC05D757055D8C98EC23C810B8
                                                                                                                                                                                                          SHA-512:7ABEDEBB35119549443FB98CDC9D9C1FFABAE951C3554A992CB84585A9D51A0211E198FAC33D41E0859494057E3FD35BE1AD904995921F34A191B02E8474A5C4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 14 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):155
                                                                                                                                                                                                          Entropy (8bit):6.234159177694252
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlZLtsSp/dseJ00onnXAeqgLiIJ3KgahBctIgjauoHSXB1p:6v/lhPGSp/u50onnXAeqEiNfhOQyTp
                                                                                                                                                                                                          MD5:BB0A46E6C1771A779201A47145C61ED6
                                                                                                                                                                                                          SHA1:2CC14C4871251DA64879C921A6F2CFFD8E5D397A
                                                                                                                                                                                                          SHA-256:E3A73C4AF918665D2FF75FE367E207FD71AD96FF9502D5120586A92D4076ED34
                                                                                                                                                                                                          SHA-512:5AD68791A5FD50C9A38988AF39D1AD9124937A4ECF925EF9D65536B7108491BCE7EAAF3D84B2C70A3D19EF0E5F107AD2E15EDEE40129B52A60BF0F91C9489F52
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 68 x 30, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):554
                                                                                                                                                                                                          Entropy (8bit):7.052906621637133
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7qFyVzV4Pd4BWgpKNoqW96qWd6RDk9wavyjl7LhYjiBflJg/:ZyVOCIgpKoLchdQk9wr73BNY
                                                                                                                                                                                                          MD5:7D2A593CE15F1C18ABE05C4BE7B623FA
                                                                                                                                                                                                          SHA1:FB6D3E41F21C23B430C91B08477BCFE78BCB0409
                                                                                                                                                                                                          SHA-256:BE15DA1B5DF9D4DB06BBC55673731E3FDE23E82A3983AE7A560B9DA1203A65AD
                                                                                                                                                                                                          SHA-512:F317EFB953B2B50A5F321306D6870679CEC8FDEAF660729C616ACA070474B9A47B4DC1125FAE56CDFF5ECD7C9EE73FDC982CBED0FA5AED1B633B5A3BD2056CDE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 68 x 30, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):203
                                                                                                                                                                                                          Entropy (8bit):5.889660105398947
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPmv5bdss/YbwxklpLO/KYmufyYFa8up:6v/7Aq9MizLFai
                                                                                                                                                                                                          MD5:30086C443E196DC76E4B63449E6EAE76
                                                                                                                                                                                                          SHA1:225856C88F9C9F27FB7EBE7FDD71ADCD11DAA228
                                                                                                                                                                                                          SHA-256:292DA1564CEA53FC63203D0184FC0F2849C169AC3EC948A0344C31B674ADA3EC
                                                                                                                                                                                                          SHA-512:B3DAC0E218C50D5CB8984EF670390C602D8F427E45599D2CFA12D89E98620A0EA60BC0BD7D02AE27E19A6596A2CBD013CAA962C80B2457DCB0F9DF289AAA59BF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 10 x 11, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):176
                                                                                                                                                                                                          Entropy (8bit):6.151672179013188
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlH0tvl/24hGnlMWnZ/Cy49V+tVq/26yVjk5xoNpfKZSKVglzfDl1UQ:6v/lhPOtvI4hbgZ/CHV4EAVjCo/fRKK9
                                                                                                                                                                                                          MD5:B4FABDCB9968F11AD8F464A0DC1E195D
                                                                                                                                                                                                          SHA1:F6B40549F93AA73DDA93965D494704F51E2B2AE0
                                                                                                                                                                                                          SHA-256:F47290E13D80210EDBAD66771068146D2C2B81FC444448CAD4DDC5D5FAF733D0
                                                                                                                                                                                                          SHA-512:A9BB46B285499E40AA6B0D87C82A9CCFE925B30D28DA7F0B2099CA8DF4365211664AE4BB124B3E857F31222DB320F08CBB1F363EEF209AFB7F4FF80CC5E93E4C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 20 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):417
                                                                                                                                                                                                          Entropy (8bit):7.342741240452635
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7+askHuEhsylgrZWI11YO1JnSC0wgDiIOHt:zkHC71REZCymIw
                                                                                                                                                                                                          MD5:94E4C2FD0E6F3A5C2F5EFDE68238F52C
                                                                                                                                                                                                          SHA1:5A5756076EB42B6B19C047882537CAAF0ED999FD
                                                                                                                                                                                                          SHA-256:F645F3D5464155BE90FB470BFBBCCCB0D4A821B1BBD7A19CFDE462353387FC78
                                                                                                                                                                                                          SHA-512:71835DF6CF370E14C7EAF03C69565CDE8F3FDC31CD6A53E9E8596B89AED203925A73B18FCBCBD5ACC0E1D949F4779F4F6A9A02F71A8F75F451A0DEBFFE96EDAA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 68 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):416
                                                                                                                                                                                                          Entropy (8bit):7.3708761233550355
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7jpJOtqA0d8rRVFTfOY9GX10ykOv9jq3:uHexrTdfH9GXRksq3
                                                                                                                                                                                                          MD5:36929CFB5F181721B79C0027AA0C7A66
                                                                                                                                                                                                          SHA1:0CBF1BAB50D4CD36987BD5FE5C621FB48AA5B8CF
                                                                                                                                                                                                          SHA-256:B206EE4D86B6A279ABAADEF8D674495066BCA353479BF4EA7ABFDCC645FFC3EA
                                                                                                                                                                                                          SHA-512:9DF12E1BFC96A3C879551B624C1E07A3D04A29B42E206C06D8193BD1363F36459C2A4B2CB8D19D322FCDFE2CC61B42787B35F74AEAA10DE7654AC5784E3F5B30
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 65 x 30, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):271
                                                                                                                                                                                                          Entropy (8bit):6.184821585791818
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPqIltGmQ6dJq3El3YciKebcww3dsdtOG04tN3VwjKJ1yvRp:6v/75Mp6SElom2StstVVweJ1Q
                                                                                                                                                                                                          MD5:71B79B7CC09908BA6F8FF40C0EA10510
                                                                                                                                                                                                          SHA1:22388DD933F089701310845226EBB790B7EB8513
                                                                                                                                                                                                          SHA-256:DB272A7593D3CD66AA2BEF945C96ACF62BC0BDFE458E11CE20C72BCEF5CCEACD
                                                                                                                                                                                                          SHA-512:AE1570ED60A621BB14B15DAAF20D65838EF81B245F1014070135B39CA5472442CC53BDEF6024834356C30608FDC087D543FF93392BB5C0E464F26D14E3D5BB7F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 98 x 38, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):225
                                                                                                                                                                                                          Entropy (8bit):6.052488438839991
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPMa2sRVg7hr/2ztQ0gVcP04F8jesU/Yp:6v/708odRHBVjzv
                                                                                                                                                                                                          MD5:A78C4CA79750EA1BCE8914B870E7E5AA
                                                                                                                                                                                                          SHA1:F7A96194B043C552FE9259934B9A78A8AA625601
                                                                                                                                                                                                          SHA-256:4470E834BF1A8C2EB025D651ED5BBC71681AA898388AE17F8B276E8AD641A0B8
                                                                                                                                                                                                          SHA-512:2B839324A3247E0E4AA20A283541C4037269A197874CDD99FB53E68641A67C8A9B96A9D1036FB3D087BCA62CFA77BD77684F8CAE6C389717B48DBC3597B9E0E8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):383
                                                                                                                                                                                                          Entropy (8bit):7.316897675335883
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPu9jK09x49vwpNyNSa7Rb0BA35eP6VNoqxQyNZ3JBaWCFoa8akWWvRJyenr:6v/74/EaNQ7t0O35ee60vOLSa8bNRMer
                                                                                                                                                                                                          MD5:9B795F12D86235B8053696F858CFF40D
                                                                                                                                                                                                          SHA1:E7E36F304EB356D5358A422A1C4AE5CACB4BEF19
                                                                                                                                                                                                          SHA-256:FEF52D00A955B35D50FAAFC08C9F0C6C55D4BC35B01000200E13DB44B59EC9BD
                                                                                                                                                                                                          SHA-512:4A0841C0A1BFD03DAE83B5B991C069CD0BC34FF06A4C990A189A3023AEC494DEB6AF376A94FAAB9E2BBAE2B4147AB67447768CBF39D2CC67272623011C602456
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 58 x 59, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1703
                                                                                                                                                                                                          Entropy (8bit):7.847758130427772
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:rmAlUclYkw8yHr6gUjDQoFT5HfEQ583AS5Nou:rpWclZyHryVXsNQgF
                                                                                                                                                                                                          MD5:02945439ADC155CF30AE30BB93EC490E
                                                                                                                                                                                                          SHA1:3CA68D3D1410EDDC124876F36433CC888172A93B
                                                                                                                                                                                                          SHA-256:455D05DDF72D76B5A3C8B4633FB19493511DA4E04719D308DE7A7F152B516B6D
                                                                                                                                                                                                          SHA-512:FCD330CB079AE3E24D2664384AF53A4E1D76AFC1E611B18B488EA037827A1B0144195B038B8A4ECEA80ABC6922AE3CF5A0B1321DB3EDBD85DA7647FB219601F4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 21 x 33, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):206
                                                                                                                                                                                                          Entropy (8bit):6.337291568109683
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPHbkIstUxG+21n4eD+m4NMEFtoMSjp:6v/7PT6WG+neD+PjM
                                                                                                                                                                                                          MD5:A6F7DCBF0C95F2EA039AB48656F697C5
                                                                                                                                                                                                          SHA1:21AA8F782F61D6FCC2DF6A473952D3CC429A1D97
                                                                                                                                                                                                          SHA-256:83D96C6CF82EAEE7684DC663B3072B10CEE5C1B3C9F9F1C49FA7BA32CFFABC40
                                                                                                                                                                                                          SHA-512:5293FF25CE5E37413F19CA752A993E6B1EA22D553EB6BD9796751E94D82DCBCA1644D608B0C50F7BDA426FF78F110FAFD9BCCAA73A0E8B4FFD6261788777BD59
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 17 x 201, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2036
                                                                                                                                                                                                          Entropy (8bit):7.7960008441887965
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:L8S/XFZMsP9ZpnE9JiXKfZq75Yk0ylh5a8Z0p8f+NLcb:5Xw/92Qtora8ZtWmb
                                                                                                                                                                                                          MD5:2DE13EEA606A194431BDCA46C69B9D66
                                                                                                                                                                                                          SHA1:AC820D4142AF9CB8DB6091760F00E818A37F471B
                                                                                                                                                                                                          SHA-256:DE0BD47828AB9C6929A5452D96B5C6AC13B99C0E3FCC159C885EC15A4CD3E2C7
                                                                                                                                                                                                          SHA-512:5C3245BA2257244CAF686C0C5B9DC4211208EB33D1BB32F8EA64F7DCFB613FB57F1064C928A2567CE83524D1995F20069EA5B8E4B2F2FE4DA9267F746D0D3D08
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 60 x 38, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1453
                                                                                                                                                                                                          Entropy (8bit):7.436248461607645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pGy3OXplLIOIs/+mexpuYt2M67hZzPZgOM7c1glYa83T1QRLgqIgqJpa:pG7pVIE2mebZgzY7c1SYbRQR8Vgq3a
                                                                                                                                                                                                          MD5:D6A834191405EE2D93AF835999A0F3B0
                                                                                                                                                                                                          SHA1:7707D93FFD845E9A4EFA36DCF054093F6DD3B6F2
                                                                                                                                                                                                          SHA-256:10DD5915F0352AE3A58B1250E449660537AB36FF0B70DE6F54D3E22AF4EDF0D3
                                                                                                                                                                                                          SHA-512:A45F058E954E7CF1F9DC3967CD0D150706DC5B9D3339F0B4791610E5CDB59035B3F8FDC2F812A7202AE40A5AEE0C5EAEF0D893F6A28B6488845B33B8B885982C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 21 x 33, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):228
                                                                                                                                                                                                          Entropy (8bit):6.39399325133142
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPHQWw/kIWhbPHHmIqHaPUdUA3x3y9wuTp:6v/7P2sIWbPHI9dUxR
                                                                                                                                                                                                          MD5:01D831D0914774969825F38B3B9C7211
                                                                                                                                                                                                          SHA1:380F64DCC9EB7B2279F341A5FCC0BD95C941FD39
                                                                                                                                                                                                          SHA-256:CB264368C0D4801D4DB4C56653F57671D042C591AE24824C62E24D5545890DE7
                                                                                                                                                                                                          SHA-512:15A13F029B81CC824D46628E80B87A6807A534B658BAE608D67642AC7F5A961E6019CCD795F00FFD6301BF4BBC2678AFA6F2E4592E762D92954839525D78AFAD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 66 x 17, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):825
                                                                                                                                                                                                          Entropy (8bit):7.181170546983538
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7bjVM6O85n9u1pA5bNNRQ6gQTX2Eu2i2V7WaD+E9yqw77POBSNVYk4w+7Q2bp:CilanypGNRQ6puE7Wa1yqk7PMM2bBtS8
                                                                                                                                                                                                          MD5:98B77977A191E201FE872FD67EEB76CC
                                                                                                                                                                                                          SHA1:54DAC271DEF15A91A448C0BB1D81D1EE3B7C831E
                                                                                                                                                                                                          SHA-256:EE8C1C4B11E8A4A50B08D7597583A0D3CD74E7CB9B77DE47FE8CFEE71B3E4B5E
                                                                                                                                                                                                          SHA-512:EC25398A9B34192A6BE506209F071D0F06EE567FA898F099D9DC9ED97A547D32DA71CC7D55452E7B1331204870E76831D6995BE04A5103D8175784E3E2EDF41B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 17 x 17, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):153
                                                                                                                                                                                                          Entropy (8bit):5.417362301449934
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl8DBry666666JRl/hkegCt5hGZgg1mmmAplms2mEKON1jltB1p:6v/lhP61ry6R67DKqt5hElHmAplP2mEF
                                                                                                                                                                                                          MD5:A134D237A48910A55C7AE34FFD5ABA46
                                                                                                                                                                                                          SHA1:DB72AA287A8FDB2E0CC0FB778AA7E9F2CC5B0E1C
                                                                                                                                                                                                          SHA-256:BFE3263258A144CD9D2B85B6CE4CA15614E6CED6BBB263759DEACEF83C61CE92
                                                                                                                                                                                                          SHA-512:B4BF5D8BE626D0B3980441607F2AA00A370CD70AA06B5187CEACF4C45A8F6A168C09FCC86DBCB47802EAE891D666E14030E18C9A1AD98F50DCF15E608E8AB579
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 17 x 66, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):839
                                                                                                                                                                                                          Entropy (8bit):7.084145875349208
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:4PJlanypGNRQ6pQlBL5z13aTkITPvn4ymZnIohGUa:4Pgyow6pQl5V4FP4yshra
                                                                                                                                                                                                          MD5:37CDF30009E9CB143DEDF765F1C55BDC
                                                                                                                                                                                                          SHA1:6FB1DB37A28E11B8DB7311BE340E64B89FAA6D4B
                                                                                                                                                                                                          SHA-256:329501784A775761531C0E82B2E74CC9CBA464C0A38E93DB3323054C5F117D56
                                                                                                                                                                                                          SHA-512:1A52BE2341932150206B7A380B444EA23E3452CC4570740E11119DF67B2A554073971C079DB2794AEFF516CF0E608266092252F685E2D674FA51293DE90DF8E3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 66 x 29, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):565
                                                                                                                                                                                                          Entropy (8bit):7.197419983507909
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7ljaGgjivMGmrAQIZmxE6LeyqcKRKAq4efxVi7NU5LCtfGQmMcSQa1I:mjdsivbmc1cLtjFMNJfTmF6I
                                                                                                                                                                                                          MD5:2F055CC607C1CFD46EE5AABBB1672353
                                                                                                                                                                                                          SHA1:D1EB517C6276C6C3635B075728C1F52E4027F796
                                                                                                                                                                                                          SHA-256:D2BCB94DDBCB5803B9270F782ED52C7B6E0D1FA9AAF7DBFE6E41971C0CEBF46D
                                                                                                                                                                                                          SHA-512:734A7B816B541C295BD51FFD1AF7A601E62594C07B82B9FDC4706CFCFE84D59ECC22E5F35205ECB5883FA8C5B71A4BEA6A6585DC8ABE073865461168617455AC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 68 x 30, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):524
                                                                                                                                                                                                          Entropy (8bit):7.0709053737113985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7qFyY4Pd4BWgplmtiCGbtSyZ1ddm5p6Dhovl+4cg/i:Zy/CIgp+oniDvl+Q/i
                                                                                                                                                                                                          MD5:5E45C866A18ACB5A644D250701644FC8
                                                                                                                                                                                                          SHA1:2A7CC87A8182CBEBE930F0050E092E77978549D0
                                                                                                                                                                                                          SHA-256:C78405B156497C8E84ABFCB97340FFE1CEF4599DD27C3EC4BC8FD282F90B556F
                                                                                                                                                                                                          SHA-512:33D04F540D12A90F968BCE8C647FAB409AE88C638380E11F031907D05A10DDF77414F2AA4C579B2BB6E99B6C47647819DB10D74D83B596058FB3A25C4F405CBA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4723
                                                                                                                                                                                                          Entropy (8bit):7.85765721156218
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:lYwiXFuqU3B7ZKDogixWMKvubbolOJi1JTrLEFDWI4gGI:l1iI7Zao+MKGb2OJi1JT36J4PI
                                                                                                                                                                                                          MD5:C27FE30DB418E02A6373E9B5E5B5647C
                                                                                                                                                                                                          SHA1:713AC1F8D6A98301BDF8AB4B0EBFC7AB491F8D3C
                                                                                                                                                                                                          SHA-256:C1FA1F01861AB7BB548BEDD730A4B120C797987DF10CF7BD2809544387C7AE1F
                                                                                                                                                                                                          SHA-512:D7A434C360FCF97E2C17482ECE0A43EF987D32AC5E71A1118F9FDA98CC484998D2024F5BF37311DD012ECDE9B5ADD71D556216AF355CAC39D42D5C2897A5C0ED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1621
                                                                                                                                                                                                          Entropy (8bit):7.8462829500141025
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:DM70+IKZfOaCF+eC9c2W+0lXBPcFnWFIJ:DM70BKZGa5lczMJ
                                                                                                                                                                                                          MD5:BB0FB3EFECC4C2BC51011009116ACDD9
                                                                                                                                                                                                          SHA1:B6BCFD12A2A045D08FD3D37EF99583132A883952
                                                                                                                                                                                                          SHA-256:0F620F218012ED6FF30809046CED5CA372327454B59C0B4D9501639BBFFD3CE0
                                                                                                                                                                                                          SHA-512:CD454AAC39BA774A47A7A0098BF5540B1AF9B7B9BCDA9F9258945AC1550E51E83936DAD3B6C8196E430B52338859731CC0262357376027D38F890C928127DA80
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):998
                                                                                                                                                                                                          Entropy (8bit):7.72561165556165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:12H8Q7cyzKX+GUlIlxepggs9AEIPmIHZ/OUm9U3Z8D8XvSf:12Hr7c+GoQxepKAPPmYZLmS3Znaf
                                                                                                                                                                                                          MD5:DD123E59D08DD2E80AF3F527B4FA19C0
                                                                                                                                                                                                          SHA1:78214E0D0B57E60538F8A4968613A4A863D69558
                                                                                                                                                                                                          SHA-256:8C31E6F37EEE27E6BEC02DBFB6452B9F0831D6586E47DCE4392E9FBAA07ECED5
                                                                                                                                                                                                          SHA-512:23D04B0BC9ECB49F3B5D6A4A03935DF52E7DA28007A65E9F9F0EC92A83F94F818B00C1CB78FA03F31746C523F76689387EADC93285EE74CF9EC99052AEC7C9A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 66 x 24, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):390
                                                                                                                                                                                                          Entropy (8bit):6.983802265794423
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7OX/VvA7tCOoPUgvli1vmDwSqd7cMQ:JXNvAUVQ1vQqd4MQ
                                                                                                                                                                                                          MD5:993BFF22C0CE8B494EE40D5C0FCF7656
                                                                                                                                                                                                          SHA1:FC273DD2567073EBEF5CEE52CC300148128627D7
                                                                                                                                                                                                          SHA-256:57B1AE0988C615082705698CE38D82B0AEC46BC11141ACC62F16554AF1F27820
                                                                                                                                                                                                          SHA-512:55E68688EA4A3F9E8AD803A75981CCF8FAB75E40C52369D6EDE66E213E4F5A9401C18D0971AB2F07C46DC3195D1DCC3DA3D27CD146EEDB2E48F3EF62D31A995E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 66 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):437
                                                                                                                                                                                                          Entropy (8bit):7.193635323117587
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7/dfTXAVW3o54JRkLUUFwKyAqGaoqEFc/hc:krP3zkLNqAqpfC
                                                                                                                                                                                                          MD5:8511861D8ED8A8F140DDABDB9B3920CB
                                                                                                                                                                                                          SHA1:EC61FA8B96DE733CD56D720872D8CB9E89D713F4
                                                                                                                                                                                                          SHA-256:B118F88D8D57201E2BBD1F1DA01FE348D3011EFC83B3F909B21C7AB2DABB87EF
                                                                                                                                                                                                          SHA-512:2B3DF5E2E8FF187631DFDC5BE3196FF9509F65B304D025F41F5201830197744C6E724B974B38DBCE28A5284B37488D45B0916C60B94BBFCD3FF466FC7D63A84B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2037
                                                                                                                                                                                                          Entropy (8bit):4.83051031007633
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9kXbY:MLoO6E+iCshVKzlOWGf0hEVufy9d
                                                                                                                                                                                                          MD5:54013A441AF69B499098EEA96FECE200
                                                                                                                                                                                                          SHA1:47877BFA803C0838AB0A47342911C65EC071399B
                                                                                                                                                                                                          SHA-256:05E93F38D7C9FC61DE783DB9DA2ECB29327EEFD0C1D8C9B39AD9B90224C7170A
                                                                                                                                                                                                          SHA-512:1B8B33D378B91319A31FE773BCAB7E0069E9F60CDA1D2CB35EE0FD92B39CCA2260C7246FA6AC37AD24C66765E0FD380E8B6100E31CAA99B5C9B0DB2C72B07B79
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2033
                                                                                                                                                                                                          Entropy (8bit):4.829978509699591
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9kXe:MLoO6E+iCshVKzlOWGf0hEVufy9z
                                                                                                                                                                                                          MD5:2DCD6E429D59C09BB08C9EBB65AF183A
                                                                                                                                                                                                          SHA1:5A9E200CED0F4D6202BA8E1BE082EF4F8EF6412C
                                                                                                                                                                                                          SHA-256:269B14A439279C1B28E2D66093E42C8CEC9F9EC4A6996633B263CACA6460FAC9
                                                                                                                                                                                                          SHA-512:084C5C7C1F22C6D2378436592EB3B51593471BF96FCFC13D8CE1C95978E6B073BB3BB88C5B084ABC3F2358DFBD8D6F808FDFFA74552A39E03942BD621F4B4B28
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2728
                                                                                                                                                                                                          Entropy (8bit):4.844188917143975
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsPByFTJWjr:KogUldGcQWOPByFtWjr
                                                                                                                                                                                                          MD5:A62D007DC5671CB3B7E899E6C80F212B
                                                                                                                                                                                                          SHA1:D3F14DE84264D533D2262F3A9AAF52010D9677E0
                                                                                                                                                                                                          SHA-256:56BD787A33ADC129D41092CAA2E38BAC074F0ABEB9430CA2EE134566D12A55B0
                                                                                                                                                                                                          SHA-512:7FE3FAFEBB599129FD7B058D58C388A8825D93981EBC600B47814389D9C10CBF5B7D13BD65D06E34E9C4B78E2F84A65817C557755D32A2AD75B04D29229F8A1B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2027
                                                                                                                                                                                                          Entropy (8bit):4.825830727934058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9kXC:MLoO6E+iCshVKzlOWGf0hEVufy9z
                                                                                                                                                                                                          MD5:D557C09A026B8492A3517007BF4B222D
                                                                                                                                                                                                          SHA1:3031C85AA4B93F676578EFFD1F11ACDFBBB696E9
                                                                                                                                                                                                          SHA-256:15F50D0791445818E933E80650BAA16A94D3B9403B216D87FEC1B5E340D1F267
                                                                                                                                                                                                          SHA-512:DE7854EB35483025D55B08B3A6F3CED06AA90258D0816A8A2DED72B4E981417DD4D22A9B7C5071550D37E8514BA3E06F3F3F46BB453496C16FFFEC505EC414F3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4043
                                                                                                                                                                                                          Entropy (8bit):4.635695740291305
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsauKRsCxUu2oM6XRatjM3CSnhHTXgv:KogUldGcQWOauKRsO2oMC+MSS1LS
                                                                                                                                                                                                          MD5:52AE42A1BF76186E365F0A7F96E639C8
                                                                                                                                                                                                          SHA1:A09A8EF26CCD91155014D86AF57F85FFF3970867
                                                                                                                                                                                                          SHA-256:E4CE3E2C356FDC11F7D5AE4029602CDBE5F40E103CD482281A8D9F8EE6EB9936
                                                                                                                                                                                                          SHA-512:25EF63D9A6A175785EAE639CB135BAB3FC920016EA5F8D53194915F86EBC96FF4943C02A484DC85573CA298160EA1F440F5DA56E92AD62C9A2D087169DDF8553
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5292
                                                                                                                                                                                                          Entropy (8bit):4.717869540578657
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWV+JbB+LjqZyYBAQnxg1AJzenItNx06gVgyx:KtcGZJAqACgDgyx
                                                                                                                                                                                                          MD5:9CEA0D2F653C5E0536C32175995E7EB2
                                                                                                                                                                                                          SHA1:BADC1B9758A4FE56402CEAA0B421E2AE734E5384
                                                                                                                                                                                                          SHA-256:B8EC881A35CF7E90154D2413CDCD53C2B131556C22E96F542FD934FA3AE34C83
                                                                                                                                                                                                          SHA-512:9D64E98D56A30E2D1937B4266008A65A510F773C2750B26695B61B4549F8780F53B29FE8DB23BD0D5B513D3CCFAEA61B578E7D2F5C894E47F4D6E3FCBD2F9ECC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2261
                                                                                                                                                                                                          Entropy (8bit):4.866831940677612
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+ZXn:KogUldGcQW4Xn
                                                                                                                                                                                                          MD5:47CA08817D0EEC6DB4B3EAF514421448
                                                                                                                                                                                                          SHA1:0393CD93A96B8B9A6E9ED6E56CEC9CEED8DDE44C
                                                                                                                                                                                                          SHA-256:8307CEEF8D86F2E307B67A1C4A0B33AF7B83CC4965F698B15960841D20B19F29
                                                                                                                                                                                                          SHA-512:99B632BBD80E9E0A15FB4D43DBEF3BEBFB8F13328F496B5BAF640978B1430CD351FDA50B4DED003FC54664F1E71F4D01A9EFE04577416D701B827D146E492A3A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3230
                                                                                                                                                                                                          Entropy (8bit):4.914641706249265
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCX+/CAYnvoYBxnQ:KogUldGcQW9+/CAYgYBq
                                                                                                                                                                                                          MD5:FC05F8A54097E64E9044950470A58E40
                                                                                                                                                                                                          SHA1:ED2DD6FE5FCCAA5B88BD4515E93D2435C43899E4
                                                                                                                                                                                                          SHA-256:6858DB01FA20AD83559BB5DBB9BB6A7711C8C6959EC53FEBD4D0A9C5370CF59B
                                                                                                                                                                                                          SHA-512:11E577F43E332B195BFAD9CE5A0AA8F4127C0C6F1878ED5B99168B8DCDE5C41C89BA9AB752D8C92AAC70C19DA06FB598066FFBE7D6B6449D36D1D704FDCEF07A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3238
                                                                                                                                                                                                          Entropy (8bit):4.90187484968626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCev5COkFNpACuUBEKjo3Zq:KogUldGcQWcv5x+aCuUUI
                                                                                                                                                                                                          MD5:E78025940E8545B158A72910F129AAF0
                                                                                                                                                                                                          SHA1:8CD85D7C384EDF0FF6B05B532A4FE04312162A33
                                                                                                                                                                                                          SHA-256:177F211EE15687E231B2A790172D5CADD638016831AF3E4A55C4F9EEDB37E2AC
                                                                                                                                                                                                          SHA-512:4A494D95DE21929FDF04721096989C966717D89E5FD2C734CB6F9B5397579C32525A918417E305FAD9043AF5BA8E5D343809AADCB53A31CE8C4391A92BFA33AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4683
                                                                                                                                                                                                          Entropy (8bit):4.828387956520702
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWzvqVw/vSN93wT4ojVJGkOsjRj1:KtcGKWwyzwTzJLBj1
                                                                                                                                                                                                          MD5:9C457D5FAECD7B9A50671D78B48FD52E
                                                                                                                                                                                                          SHA1:B5C07C5CFB40D4B40F85C9EE7F8417819A5A15EC
                                                                                                                                                                                                          SHA-256:AF75BB0905D646A1A15361D642AB86A1D389695D6BCFEE8291CDA857F84E0CB6
                                                                                                                                                                                                          SHA-512:9434551DC72FB405BADF8BF89C024F7531A2E5AB0EEF1FD3F89999230B65D92E0BBA98D0D51C41CA205763AC9081BE4839E5D2B5E435F0135F5726C14B59C11F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2916
                                                                                                                                                                                                          Entropy (8bit):4.839363550613035
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsnxq2Bh9n1iWUH95XkuMZr:KogUldGcQWOnl31iWQ95XkX
                                                                                                                                                                                                          MD5:5168523E82D5137AD3656165D1D0A2AD
                                                                                                                                                                                                          SHA1:0C27710BC44AE4C0D5A781BA0D807398D70AFD42
                                                                                                                                                                                                          SHA-256:374ECA958EF36B2324ABBEC45E179E11570F6DE5A91F8AD3F2559393B240ED28
                                                                                                                                                                                                          SHA-512:AB2DF3E21E1BF415FC77978F42E64D6BA0273E04CB439367F9093A5BB7E9C7F78A3C2381258FE82AFD67CF45F41E82B8BE116D583D2E628C0C228DE1E6A78E79
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4128
                                                                                                                                                                                                          Entropy (8bit):4.6240539224144275
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCs+MMLR0K6SCv2oM6XRa2jM3CSnhHTXgv:KogUldGcQWO+MMLRvA2oMCRMSS1LS
                                                                                                                                                                                                          MD5:9DFAC0C040CA518A9E1930D70E90F6F5
                                                                                                                                                                                                          SHA1:A6D338CE117273B5753A982C66C7A76176C01293
                                                                                                                                                                                                          SHA-256:D673E0F7FAD84074A376601CA564445E9A8B428CF50C37EA59D05A7AB5924F6A
                                                                                                                                                                                                          SHA-512:9855008ABB7A5FC71AE9FD8D5BA78B7FF3E44F0C5110B1C0CCE214ED6A58846B31ECD03500F9B8D4F2ACB1F8076D9A1C3B18AE46623365BABCF8E419831815A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2070
                                                                                                                                                                                                          Entropy (8bit):4.832400322959624
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfyyU2yEd:MLoO6E+iCshVKzlOWGf0hEVufyyUTEd
                                                                                                                                                                                                          MD5:ED9217025E9EC7239C63D2EF60B78282
                                                                                                                                                                                                          SHA1:C5A7F37EAD74D963D7E2F706D693E31EAFC3BAD0
                                                                                                                                                                                                          SHA-256:5C11ED9112F3D286DD0351CC5166AEB3CF7B4BC8847C0A35422DFBC14FB4F3A4
                                                                                                                                                                                                          SHA-512:7157E905D21B7D5C330EC5275B91ED2B2F3E6A696874CA3EE05586B500820C83350942F990895382C32F8942258E708A297DD76B3A9D62DB9C0EF1DA482A4138
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3920
                                                                                                                                                                                                          Entropy (8bit):4.8675531615918075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWOLBgWFnl0bNNvGbGDp/s6dkGF:KtcG7qwl0bNN2Cp/uGF
                                                                                                                                                                                                          MD5:CCF3DC3DFB076E1397626FC400502E0F
                                                                                                                                                                                                          SHA1:379E4B968512352773130A95E75D465F3BEE4857
                                                                                                                                                                                                          SHA-256:A6F0CBA47674AF372708D6002506A0514FC8F1C6DF922416B44549BDB5D08806
                                                                                                                                                                                                          SHA-512:2DBEFCF7793C5EDD0B167AE6A82652692063126CAF465B33330292357F7D0F2E0D728C60CD375F279F8A41AC94E9CB4CEA431652F42BC9713AA01E102687FF01
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2912
                                                                                                                                                                                                          Entropy (8bit):4.857002307301528
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCs+DYs7M00/+BDBqivLm:KogUldGcQWO+DYd/xT
                                                                                                                                                                                                          MD5:C5BE6A9676AE022A4B5C5B67F9CB3483
                                                                                                                                                                                                          SHA1:1105EF627A6B6F46B9860C72E25069ED259AD1A3
                                                                                                                                                                                                          SHA-256:67D3A94B75A01AFEE08644CDED0E393CC3180916FE6DC9BF4B7E7B14727ED582
                                                                                                                                                                                                          SHA-512:303BF89C5C800C0D7C5C2C9682FD82F27CECA7F16044372808A1E88B74C94258B1A638A6DE3A2671CE92B11C445F047BC3BD30EC543B346690EE4EDC1A82A9D9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5470
                                                                                                                                                                                                          Entropy (8bit):4.769994565901049
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWO+KWtnZkRtrFbWFJRN/3sqNnckMj:KtcGOXZ8UM
                                                                                                                                                                                                          MD5:3BCFD261EC53F77B79FF18EDA94F00A4
                                                                                                                                                                                                          SHA1:806C34F49630C855AB448D1DDD7CC7EC75155A7E
                                                                                                                                                                                                          SHA-256:BC6AA234585366A42DC44D90F15BAF2CDC601F4158E9A2E97A9E8CE4BDABE15D
                                                                                                                                                                                                          SHA-512:96F7FA538D396A03D0660B6D76070D5BB66419C80917AA3BB4135C57B98219A87D318E0EFAEF817CDA896C3ED65554072F6168D3B33E779BE3BA430A8E95404D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2491
                                                                                                                                                                                                          Entropy (8bit):4.878811646714112
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+V4iYSss1bM:KogUldGcQWe4n3oQ
                                                                                                                                                                                                          MD5:A4E30E457C53AEFC73DD84E4FB800AAF
                                                                                                                                                                                                          SHA1:2A18E9793678530EE130464A134DC1D1C036E030
                                                                                                                                                                                                          SHA-256:A605E146BD646C94F5DF54330956FCF355AA994822A3F19D2E8FC8DC7C6FDC72
                                                                                                                                                                                                          SHA-512:D0F7E098A0DC960A20273C5EF33DC089B5D6F4C8C9069E2863152D0FCD3EE5972D19FBCCF3BA57D5CCD6E9A341B3BA115C6600A7E7D8E820E4F375DE3599515A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2113
                                                                                                                                                                                                          Entropy (8bit):4.854277805833694
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9C2okXf:MLoO6E+iCshVKzlOWGf0hEVufy9nCfO
                                                                                                                                                                                                          MD5:6C9008235764FF0068F72701943B94FD
                                                                                                                                                                                                          SHA1:F100EAEEDF7D8164215092BF3C9A5F6FDC98F825
                                                                                                                                                                                                          SHA-256:203F0571C301F3215736C0647181D8C40CF7DC6C96C4C22FEE327A0F2643048D
                                                                                                                                                                                                          SHA-512:56BD57F97CA85EDDFF01C4C8DEBE9DFC0CFFC8959C49300A52457DCD0A8B78D3AFC2F3256BF6F38FE8942C72BF68B3B7C3385AD816E7E46AF0D6FA159A619686
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5403
                                                                                                                                                                                                          Entropy (8bit):4.869623049015817
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWROnOVeVVpjou109ek09eeNLuJ1T1OAhEs2TTaJtAtZRt7cQq:KtcGVOVeVVdolm6Jl1O5TTm
                                                                                                                                                                                                          MD5:70AC23990E0708D6C19F141EE87604AF
                                                                                                                                                                                                          SHA1:B887A7EC5240501AB95B576E5B351EDA5D657CFC
                                                                                                                                                                                                          SHA-256:FA8D23345774F673EC2E255FFD773B4F79C9402B1D96FD6B59DAF8296B388322
                                                                                                                                                                                                          SHA-512:11DAFFFA8DF00DC43D28B18D99E32C0806083DEBE15586436C2808F4D6D7F660CC26A03982271AABA8659FB07D076170E4AD0203ED99080EB664F9E36C13483D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5378
                                                                                                                                                                                                          Entropy (8bit):4.808326079025741
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWOZqOMLwFR9oDsEP+nSjMLldH:KtcGvkaRssEWSjqt
                                                                                                                                                                                                          MD5:68603CC39333371CDD6E1775322F1670
                                                                                                                                                                                                          SHA1:28F91909A18263E06D61EA1FCA4CFB274965EFC4
                                                                                                                                                                                                          SHA-256:D79180C0B2D1FDFE1D99E182D5EE3C28262402CFFA817820379E66618C976114
                                                                                                                                                                                                          SHA-512:9191915011233D238BAD3BFCB0BFB7D3E9D01BEB4BD6B02F4A6C229FDA4A9A343F8704C4079BC8E12991571B15A6AE0BDA0E2B3C2E36D5EBBA69E798C8069FCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2739
                                                                                                                                                                                                          Entropy (8bit):4.876333999803406
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCDtWQwwTeDzT:KogUldGcQWvYT
                                                                                                                                                                                                          MD5:F18A31B21F6E1E07ED2C2384EC9DB07B
                                                                                                                                                                                                          SHA1:F0DB90907002175B39462D21AB886A0D68117B19
                                                                                                                                                                                                          SHA-256:C6B003634227509E65F0BF51DA7C933DDE9EDEEDEC7939A9B4EC6A032D15CE76
                                                                                                                                                                                                          SHA-512:5514AB2ED30618CB5C3AD8A15AFC45E90B3EFB83C26400700CD735D98526B6EB3F934D102B1BC83FD1E4BD559AC65B3266940699B94BB726F308FCBBF5BE2776
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3377
                                                                                                                                                                                                          Entropy (8bit):4.85774329326833
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCshe/RXWBwwjepxStQE/NPGtuvlxR:KogUldGcQWOhOi6StlFOmlxR
                                                                                                                                                                                                          MD5:E32F36F66E28A5933DB78000F5A728AA
                                                                                                                                                                                                          SHA1:B84E9F41AA9723831BA2F1E33793B280570B2432
                                                                                                                                                                                                          SHA-256:469CC7017A3DEAA57E5AD77F67D92C49730158D4CDD3D4CE4A0565916B4BF046
                                                                                                                                                                                                          SHA-512:B099EADB5AADBD45B9F20089D77C16953F56475D03C84A8B1F1BDF44E6E2A85163252634C060EBEA5B047C85BEA1A4CD625C850CD75AB7B82E2888690C52868C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2560
                                                                                                                                                                                                          Entropy (8bit):4.895624359026673
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+V4FoTtoKNTfM:KogUldGcQWe4FqtooA
                                                                                                                                                                                                          MD5:C00750A748AAC07D2EE770633A1D1977
                                                                                                                                                                                                          SHA1:E33BADC9EF8C258828F19FEC2BE808F86CBE43C4
                                                                                                                                                                                                          SHA-256:19A1F65314D130633F132DFCC0632767870946EDEC1EC3094D77C7EBF1DEDEA2
                                                                                                                                                                                                          SHA-512:33FEF4B179D1BBB6E6559FE4948F1A522E6D8CB08D6B291893A2E3132047E1F0CB0CC5C5849E571B836033B65D7D5032304B9237EBCB13BF88E14949610C578D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2679
                                                                                                                                                                                                          Entropy (8bit):4.817998343273068
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsPeT6L/jx:KogUldGcQWOPeEjx
                                                                                                                                                                                                          MD5:BCFCBFBD6E6B859D0022AC47C639A698
                                                                                                                                                                                                          SHA1:2516F4A662B412923F9C2EAD0B5865E5E0D3CA35
                                                                                                                                                                                                          SHA-256:EAB8AA6660AFC600BB4638790DEE761289226F376DEC5048FF1322CAE9962EA8
                                                                                                                                                                                                          SHA-512:7EA78319472B7ED0D5BD2C93A9C1B5B922F39FFD668D666BB7CEF3CFDF8742EE0B819C2D2C830079D939F01F5078D37E5C71CA6323C0ECE4BCF0CD099A1A0BF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2851
                                                                                                                                                                                                          Entropy (8bit):4.83490362938184
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nM+AvKufXjLOH:KogUldGcQWtvrOH
                                                                                                                                                                                                          MD5:6F7FAE0B08A85CC48443CD6C2A0AD367
                                                                                                                                                                                                          SHA1:E668B85D9524862BB0C849239C4E9F20F9610D41
                                                                                                                                                                                                          SHA-256:F25F4D88D7E91A642CF1F1484290398A6FBE56CA30E8D2641674FC2AF95BE28C
                                                                                                                                                                                                          SHA-512:E975DF2161991FB789AAC30CE1B5C42B55FB7C0E039377793F3A09F1A668C531431A916CC9046254EAED0D234D93939FD4E808F2E92E337C24F9FF35F559A0C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                          Entropy (8bit):4.323595876865264
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:SkR5JsRomvBAWQoAw:GAho5
                                                                                                                                                                                                          MD5:5BB63258D01ACFC40E4594162F0A82C3
                                                                                                                                                                                                          SHA1:565D8441B24D8780934A9DD477A10AF102DB1FF0
                                                                                                                                                                                                          SHA-256:55453E2272C4E35AF64C697A91EE082872A33739E88F9BF18E8128C5AB3BC4CE
                                                                                                                                                                                                          SHA-512:74B9A8C62FFCB21C29D48A3CDC0D7EFD2F5CFAC8CEB55C1B6CF0EFCC97730DC3DBA1642EA26E0245C41CC8FDDF10AE97BA12EA3B6388DEC734F8763BAD6A1211
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:singleton RowItemSingleton 1.0 RowItemSingleton.qml..designersupported..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):126
                                                                                                                                                                                                          Entropy (8bit):4.704713117740268
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BV9NKBiA/A6UR7ElXMLovyWmopFRPlDMexR9bVvn:xVfQiAbUNkXD8oDVlMexVv
                                                                                                                                                                                                          MD5:423C1712AA394DBE84F5179B52B1A261
                                                                                                                                                                                                          SHA1:49C875E36D792C01364191C9D236A5A3D3A25186
                                                                                                                                                                                                          SHA-256:A84A08BB95A702C80C249681B7C0E6F42173FEA619124961243F4804ED6CDA70
                                                                                                                                                                                                          SHA-512:C7CE34D2B67E9B2B74848F28648B3781FE3158B9D27FF309179712B4A16E8028DFFE5818C5E21D082816557EE3E29CCA5E182D81B7B7B44C30C760977DD2A1D8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls.Styles.Flat..plugin qtquickextrasflatplugin..classname QtQuickExtrasStylesPlugin..depends QtQml 2.14..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):822904
                                                                                                                                                                                                          Entropy (8bit):6.700959553619025
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:68gIwhCNoh+JJ9f9VhCNoh+5i9FrIJJpCNoh+7UJ:6Y2UJ//UioGW
                                                                                                                                                                                                          MD5:633645B3AB2EFF97752CE33B68DAA6E4
                                                                                                                                                                                                          SHA1:1E849CCFCA9CFF3FDB36E40843615E0A037993C5
                                                                                                                                                                                                          SHA-256:2345712E9768460D1BDFEEB4F3329B793334116B9B1D4D51EFF8787A68EC8DA4
                                                                                                                                                                                                          SHA-512:593EE6A16326CC7E6D07EE08711DE6F8D125AC8E1BB7FE18112D28BF1CFE6BE1CA22486858777629407BFA82165B88EC77EB25F5916AC158EA0EB6FC7294738B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1575
                                                                                                                                                                                                          Entropy (8bit):4.8088919366233815
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:AM0yAwQYdlyGUG9yHg9olJ6DIqrOirQorA6aAUDTQdiCH9BtAH4oeDvXFWdlvZda:ey9y6PAJGIqqiEoU6LUDcEeHy6WXva1F
                                                                                                                                                                                                          MD5:413DCF3E49E01CA487FA65136C6FB0A9
                                                                                                                                                                                                          SHA1:51AA584ECABFC23F38B8C8E9C45ED820A7F404B7
                                                                                                                                                                                                          SHA-256:7BB94BCC9FA7D849C10ED84F476AD7951A61D48FE8F78ED5201956419D38D05C
                                                                                                                                                                                                          SHA-512:999E3ADB3F09CF70140B45DD4B8DB2C524974DEB5826D309419FC995A3912A7DF439FCEF121C28D5BA5FA36A1C0D10A3C9289B6B948C7FB8656BBF20E7992519
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls.Styles..ApplicationWindowStyle 1.3 Base/ApplicationWindowStyle.qml..ButtonStyle 1.0 Base/ButtonStyle.qml..BusyIndicatorStyle 1.1 Base/BusyIndicatorStyle.qml..CalendarStyle 1.1 Base/CalendarStyle.qml..CheckBoxStyle 1.0 Base/CheckBoxStyle.qml..ComboBoxStyle 1.0 Base/ComboBoxStyle.qml..MenuStyle 1.2 Base/MenuStyle.qml..MenuBarStyle 1.2 Base/MenuBarStyle.qml..ProgressBarStyle 1.0 Base/ProgressBarStyle.qml..RadioButtonStyle 1.0 Base/RadioButtonStyle.qml..ScrollViewStyle 1.0 Base/ScrollViewStyle.qml..SliderStyle 1.0 Base/SliderStyle.qml..SpinBoxStyle 1.1 Base/SpinBoxStyle.qml..SwitchStyle 1.1 Base/SwitchStyle.qml..TabViewStyle 1.0 Base/TabViewStyle.qml..TableViewStyle 1.0 Base/TableViewStyle.qml..TreeViewStyle 1.4 Base/TreeViewStyle.qml..TextAreaStyle 1.1 Base/TextAreaStyle.qml..TextFieldStyle 1.0 Base/TextFieldStyle.qml..ToolBarStyle 1.0 Base/ToolBarStyle.qml..StatusBarStyle 1.0 Base/StatusBarStyle.qml....CircularGaugeStyle 1.0 Base/CircularGaugeStyle.qml..CircularBu
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5331
                                                                                                                                                                                                          Entropy (8bit):4.7535262271796865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQWtqJOuPhnGpgFFbVlCidcJhh2Lzprr:KtcGCqJogJkidcfQprr
                                                                                                                                                                                                          MD5:CA3D8928B9CEE6FA5F816B955E4BAD91
                                                                                                                                                                                                          SHA1:1F260D64D2ABFF2523276C9640411EAD735AABEF
                                                                                                                                                                                                          SHA-256:B13AB37C9E463A9CF8E54EC49227D0D9BFC1E2305AC633C52101B1EBC1F764EA
                                                                                                                                                                                                          SHA-512:EBFFE62093E5C826A466C95475051E70E460849F99B6D4B8641A464432CD16FBB3DC6E9C3FAB9A95EC04D89056BFA1313BDBBF6860B80E6AC8F74E34CC4BB0A1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3001
                                                                                                                                                                                                          Entropy (8bit):4.819287574242073
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9b1MU3w28oAjlCp8jSj:KogUldGcQWC5LOlCpwc
                                                                                                                                                                                                          MD5:AD45F17A9C359302CB783D120C735607
                                                                                                                                                                                                          SHA1:DEAC44C363B03E2FBAAFD698DB86C9D9CBD22F70
                                                                                                                                                                                                          SHA-256:498A7572ACC1A285857798648F3FEEAAC77364555573AD7225FB2A949A0539F3
                                                                                                                                                                                                          SHA-512:5F0B2C6CFE00567A1DC58BC4C51091223E3862FFD6B4AC513999E05046E6B063796769EF13B2916F71C7F80575D4B6DFB654FF439BF9230EAA14077CC17355C2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10775
                                                                                                                                                                                                          Entropy (8bit):4.555931669004076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGo4BkD2rdt4uI+t2KD31+F74u3h1zcO04SV22TNQbNqcefu1IucX6:RGo4v4Xaz24u0faWducX6
                                                                                                                                                                                                          MD5:21A3BD0847A872DEBB82D5EC259822A6
                                                                                                                                                                                                          SHA1:71A53D4F9C9881B97E9E6131883C7928DCA44FB4
                                                                                                                                                                                                          SHA-256:6D075D592A118CABD04880B806813D447DD8D38B61282A6305D2B6D8CCE2A1F1
                                                                                                                                                                                                          SHA-512:3BA9EE580EC217A4397FDA16B77FDCB5842D4DF5D843A441EB0E71782BDA6DA4A3D468967048614C311AB41A3CD42D6211F31C0BBDE23B904482558343423F8C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11555
                                                                                                                                                                                                          Entropy (8bit):4.508062969601809
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGatGcaCIsEeVsAKajWjzfjHNhYjhjEHWgjJAStuKznjnHXbjtxtJt:RGG2CIDe66iHgNGFAg9/Jn
                                                                                                                                                                                                          MD5:A03F6048F017119A2EBDD73699108DDE
                                                                                                                                                                                                          SHA1:801B5E265790085FDEE815A796BDE28230D59915
                                                                                                                                                                                                          SHA-256:10B4650B6196482B2217C5593A1B702E1E85E67B58769D685314C7086E866CCD
                                                                                                                                                                                                          SHA-512:6468E846450D98779D857E8D7413E0D2B5A42CF68ACDC9E63336EBA3FF609754EA252CBA8F3A77F8971783FE2383BBB47EB22BA9A6D20399466E2AA392C8B95D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6792
                                                                                                                                                                                                          Entropy (8bit):4.758332165377038
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQW6Gze7Kur0wamqRNjjp6PzH7Xe8LQL1:KtcGoS7n0wfqjp6PzVLQR
                                                                                                                                                                                                          MD5:8E2180B47B2FE948AAE25EC0F55F88C1
                                                                                                                                                                                                          SHA1:82C723FD3B31AF671ED8FA5907495D47936E4F71
                                                                                                                                                                                                          SHA-256:03F87F2A263CD7550B805839A9D910C88C968A27485E4047EDA962F9FEA428E1
                                                                                                                                                                                                          SHA-512:0EC094B08A6F3F8D7CCB56EDBD182A628228B3E5C8AADD8A54E38F7ACCB71B5C48D9A036BDFF906946BF21C5E7EDAFF27A09C23B1AEAC43247B7E9448FB6F63F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):36631
                                                                                                                                                                                                          Entropy (8bit):4.4780442352754575
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RGCsrfpOCASMCPcc1BjenOjPrvGU5qkV3G6QIwtr6S:RGCC7F1Bj6Er+UR3G6QIwtr6S
                                                                                                                                                                                                          MD5:F153CAD30D04C61CAD1FAD47EB835ABF
                                                                                                                                                                                                          SHA1:BF8A0EEBA5E2F30AE72FA795A66F4E6B5E1754C7
                                                                                                                                                                                                          SHA-256:921CDBE8172E41F1F14EBE5A8453C65CF13EC52C7D044F246F7DABE05AF20C56
                                                                                                                                                                                                          SHA-512:51127452EFCAEC6F0B6990CAF6C55C61FEBB4A84DAA4C988E2ABDB6D8EDF69401E942B2A690B94BC21B224AB45E390D98DD7FA2A80C6965CCE9226E57C41C0DA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):23187
                                                                                                                                                                                                          Entropy (8bit):4.601892640300788
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcG4ZAH+wlOXXPbyICpFy440d/nAS3JLzQ5zfKN3h1gdF0qEhPNq+tppmGjheDG:RGffwkIsV3huEhPNTtTeOp
                                                                                                                                                                                                          MD5:438230E5EB067351815803354B75CECD
                                                                                                                                                                                                          SHA1:C1D8DA8AFA9D7BF54347A614C3E10F7B119013CC
                                                                                                                                                                                                          SHA-256:0A5EEC9E6BDE5A318D695351EAEA1187929D08BD9616672290CEFB42B784B27C
                                                                                                                                                                                                          SHA-512:E271F00985D6EF691F4D5C24767DD27623C311D375FCFF20CE5F265BC4937CDF7430929C6AFC7C04D6B01694BD149622C39A2BE7A2302301FDEB5EAA4BF40580
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7444
                                                                                                                                                                                                          Entropy (8bit):4.556868420703673
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KogUldGcQW9Cs7WWD9z0vqArXxKA/k+PSAdl+f27qUhr6+LnQv1huMmunh+NNMXv:KtcGR+55YCKc8HQ5v3T+NNq
                                                                                                                                                                                                          MD5:C07E4147051E16985F5131A5430A8930
                                                                                                                                                                                                          SHA1:67D261B5394136DDF95649B8186AF3C7106A1118
                                                                                                                                                                                                          SHA-256:A6FDBF00896B66B912C84BD84394637DC418C7B25533FDEE13CDF2C0C530809E
                                                                                                                                                                                                          SHA-512:675B1D5B681E2EFAF45F30BE1C8335CD419C8770B26E701C9E275075968BF811CD8131FF405A474905A67E4B1EC2C5E35C831D6FA8ABD178FD2915FB3A39FDD8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3229
                                                                                                                                                                                                          Entropy (8bit):4.725674482574039
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+BD4pj4A9z0GWw:KogUldGcQWkDUP9z0s
                                                                                                                                                                                                          MD5:2DAA729A7973A06896E1ED0033FEA2E7
                                                                                                                                                                                                          SHA1:3ECD84596262AB298F07F75E0BC7A3CAAB5F44B1
                                                                                                                                                                                                          SHA-256:3D0FBEE00479A1D6FEBC3F47223F8902D371A59AF84F298C3FCD0D1326E2AE99
                                                                                                                                                                                                          SHA-512:45F5CC021A2CAF1E1751DFD2CDA447BB63960D97CC083F423B204F481B6D60B47F543C61DD5527741CECD868EB5B2F5563CCA7D09E0B19E16823FA96376845A0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17067
                                                                                                                                                                                                          Entropy (8bit):4.403605360211459
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:KtcGf54RK/P5LgNQL+n5GCVEHuCtJjrjPrVG0dQcAjNs0ThLvoajevjOwjCUJ842:RGzL+5hFeJH7rU4ahTF8qwAuCv
                                                                                                                                                                                                          MD5:E1FD1395D1F8E2FFA28F696FE0411622
                                                                                                                                                                                                          SHA1:FF7C276F0231781D0FA62859800DC95CFFB80AC5
                                                                                                                                                                                                          SHA-256:07BEEE0ADBA375BD9E9648AC6DFBE18A8FE3CE9DEA1BC56F3EFD2E017F2F7B9B
                                                                                                                                                                                                          SHA-512:75403629C1DE9C9E3E40B678DBBEA5FB2F4CE88AB022E5568BD33D4E173793BE81380ADAE21EF5442177A86D5DB10EB743064567C87AFFBD5DC4DF394F2DC802
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):157929
                                                                                                                                                                                                          Entropy (8bit):4.394855792362328
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtQuick.Controls 1.5'....Module {.. dependencies: [.. "QtGraphicalEffects 1.12",.. "QtQml 2.14",.. "QtQml.Models 2.2",.. "QtQuick 2.9",.. "QtQuick.Controls.Styles 1.4",.. "QtQuick.Extras 1.4",.. "QtQuick.Layouts 1.1",.. "QtQuick.Window 2.2".. ].. Component {.. name: "QAbstractItemModel".. prototype: "QObject".. exports: ["QtQuick.Controls.Private/AbstractItemModel 1.0"].. isCreatable: false.. exportMetaObjectRevisions: [0].. Enum {.. name: "LayoutChangeHint".. values: {.. "NoLayoutChangeHint": 0,.. "VerticalSortHint": 1,.. "HorizontalSortHint": 2.. }.. }.. Enum {..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):212
                                                                                                                                                                                                          Entropy (8bit):4.668721562194963
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Controls..plugin qtquickcontrolsplugin..classname QtQuickControls1Plugin..typeinfo plugins.qmltypes..designersupported..depends QtQuick.Window 2.2..depends QtQuick.Layouts 1.0..depends QtQml 2.14..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):287864
                                                                                                                                                                                                          Entropy (8bit):6.5883932073206175
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16805
                                                                                                                                                                                                          Entropy (8bit):4.024511905292934
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8343
                                                                                                                                                                                                          Entropy (8bit):4.489736761557964
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21837
                                                                                                                                                                                                          Entropy (8bit):3.89069196383034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18789
                                                                                                                                                                                                          Entropy (8bit):3.9546487780736306
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12934
                                                                                                                                                                                                          Entropy (8bit):4.097455940794716
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42616
                                                                                                                                                                                                          Entropy (8bit):6.360625901534424
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:ciHJ8nVgzXwJna0ED1spXb1JX3byqlJnT8wN8BLbnlmeXT5/w2lEmzP:6qF1sBb1hryEaBfnlmWT5/wMFT
                                                                                                                                                                                                          MD5:44B864AE14067C7A23BD34E00370FBB4
                                                                                                                                                                                                          SHA1:F0DFBD1806397DEAF005DF0A2DD228BB533B5B6F
                                                                                                                                                                                                          SHA-256:569013C6F5C555B0BBDDBE275B4EE7E307D59FC8B9D6A4B07F52326BB6392319
                                                                                                                                                                                                          SHA-512:3D8EA70E18F2BFE1B6EE407905A71FD299132EC3393AFB34E5C55C34D9B624E353B6FFB71A7520124C83430FF6C218BD4A6FC11F2C739F4B6C5CCF6F708627F0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12562
                                                                                                                                                                                                          Entropy (8bit):4.0547557110118335
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:I8VFmGH8iSSoesW6kDFLN7rgJO4jybtuYR1pbbQDU1N1l1r1nL1DaHfI85I3P8v+:5ciSSts8XTKQfX5nZ35pkx0v
                                                                                                                                                                                                          MD5:01A98548921015519F9BF96AFC6CA3F2
                                                                                                                                                                                                          SHA1:7010F0A761839F0396B184A407F064A24E034CEF
                                                                                                                                                                                                          SHA-256:9F2748312B462C9BD61A1638B91D2F0E36AF088DA06C55DE385D216299325892
                                                                                                                                                                                                          SHA-512:62C11064E927370B42D6758DBCDF42446C7116638941EE6FA7CB5CCCAAE1DC06C5266D3F135C8669E59F4D732C7C5373241D3FC7E37ADCDE0519EC05701113D5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtQuick.Dialogs.Private 1.1'....Module {.. dependencies: ["QtQuick 2.0"].. Component {.. name: "QAbstractItemModel".. prototype: "QObject".. Enum {.. name: "LayoutChangeHint".. values: {.. "NoLayoutChangeHint": 0,.. "VerticalSortHint": 1,.. "HorizontalSortHint": 2.. }.. }.. Enum {.. name: "CheckIndexOption".. values: {.. "NoOption": 0,.. "IndexIsValid": 1,.. "DoNotUseParent": 2,.. "ParentIsInvalid": 4.. }.. }.. Signal {.. name: "dataChanged".. Parameter { name: "topLeft"; type: "QModelIndex" }.. Parameter { n
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):128
                                                                                                                                                                                                          Entropy (8bit):4.541086444900037
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BVa60XzeBz3hVhvyWmopYPJoXhhy+RLV06qWov:xVa60DeR3hV58oOP2X6+key
                                                                                                                                                                                                          MD5:D859E992832670DFFA54EBC48137C3E0
                                                                                                                                                                                                          SHA1:9A36E7C010533552F9BBD537337B9EFE605D0B4B
                                                                                                                                                                                                          SHA-256:328CE7281FF10EF0D90A753A716912656D3F97476624A584A8B50847127FA00D
                                                                                                                                                                                                          SHA-512:7E92DFFB3E83DA37DE50CBF6C3E808EFFEFF1E49509EE68C7D2EF9B8094C025BBEA5CB1E023B0EEA8B406BE3617BFA3346CC022E6027D93207AF9D84E52FF849
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Dialogs.Private..plugin dialogsprivateplugin..classname QtQuick2DialogsPrivatePlugin..typeinfo plugins.qmltypes..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2046
                                                                                                                                                                                                          Entropy (8bit):4.839194226499755
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9j:MLZO6E+iCshVKzlOWGf0hEVufy9nj
                                                                                                                                                                                                          MD5:B6D6A211D4018E1871A28DA308C0A264
                                                                                                                                                                                                          SHA1:8EE3F896DD57F62D9CBB01B6BFB5DDB59ADA2ADF
                                                                                                                                                                                                          SHA-256:69A65B64D70B2328258AA1A35B52E1FC4D7A4FFBC2B458BC8CA48DD5BBB28C8F
                                                                                                                                                                                                          SHA-512:A52F8ED39092E8B50923A68DFBD5B8CFD790EAE607575B0B10FE3DEE7E097FDBEBD92FA8D3923F6614FD7CE71DCDFA6F9EED5179DC5F4FF69E99B6A8CC3C20FA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2045
                                                                                                                                                                                                          Entropy (8bit):4.838543971830859
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9QWC:MLZO6E+iCshVKzlOWGf0hEVufy9nQf
                                                                                                                                                                                                          MD5:9AE11A1E4DD9A3D282AD5BD773CFE0CD
                                                                                                                                                                                                          SHA1:D08399E72B6CAD3634D15C9C3371F3B61112EA60
                                                                                                                                                                                                          SHA-256:275DD745DE7DFBA2CFE20513C72F91DBBCF3A9E79A7C5C5826DDE116407F831C
                                                                                                                                                                                                          SHA-512:4F20EE351C799972FA48DC0FF33B54AC56B51DE7232A14F50D8C3F20A698EC9C7822CDE95C4EC27A574028FEEE40308FB6FA7AA421485ADB0BFCA217E2ED51D9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2045
                                                                                                                                                                                                          Entropy (8bit):4.839477066158387
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9u:MLZO6E+iCshVKzlOWGf0hEVufy9nu
                                                                                                                                                                                                          MD5:A87880CA314C1F7E637390F555D93CDE
                                                                                                                                                                                                          SHA1:691774B5B2179CC0B31D976EEC8EFF37166A2D23
                                                                                                                                                                                                          SHA-256:DC36D5A4E713A5CEED8E877CB16D30272953E736C99FBF933075220281E3A2EE
                                                                                                                                                                                                          SHA-512:DEE0DFBFBEB7D1F43E7FE5AA7C7EEED019FE96D9D885D2C89C19025878D6213B3C95953922130CF877B7B6BE5962A9867B6B659FDC4328F5B0ABBD4DCFEFB7E3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2048
                                                                                                                                                                                                          Entropy (8bit):4.841495536435705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9Q:MLZO6E+iCshVKzlOWGf0hEVufy9nQ
                                                                                                                                                                                                          MD5:36FB0F29228ABACA2E0F0BF72EC62823
                                                                                                                                                                                                          SHA1:FB1C98BA0DBC9D5B9B1D2CC3F947DDE5212CDA73
                                                                                                                                                                                                          SHA-256:DC91A4E687696C4AA83E5A1D6E05BFDE8F3FAE8338691982E42F3282AF9A1E6E
                                                                                                                                                                                                          SHA-512:747B56D7CE4281E25543C6D8705558FF0B3935CE9301FDD00998293B0761FB432143D4040BE97EF0BE15ED8F01045B176F9D08A72AD85B487E834F118122FE75
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):120440
                                                                                                                                                                                                          Entropy (8bit):6.378334025640155
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:x1opmnOmyn2ZVGDenVL9egTShe+8XVs+yU5eMAq:OeB91TSA+8ls+yEe/q
                                                                                                                                                                                                          MD5:734D47ED41565F3E51CD2E5A32E5BECE
                                                                                                                                                                                                          SHA1:585C447E9ABDFA39C26E510E1B47F72B49CB0DC4
                                                                                                                                                                                                          SHA-256:7EB28A6C31978DA80D930956ACDA4655F0028C8E3152DF309C330193090F3ADD
                                                                                                                                                                                                          SHA-512:9AA7BFDDB46D16D67EC3B43E5DC7CDCA375AC6B54F218974EEC863B43FDE6AF45374DF10872CA1DA49DCFC6F085DEAACCB5845D47154933A9D47CBC779673610
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 12 x 12, 8-bit grayscale, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                          Entropy (8bit):4.8250725838538475
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPl/lEyAg+KjExt0Klds4M/2g1p:6v/lhPkpg+sEr0Kw9Vp
                                                                                                                                                                                                          MD5:0517A78A9D76782D9C5A0A256F696C42
                                                                                                                                                                                                          SHA1:A5C8AA81BEBAFD4C2432922768F83B17B890ABBA
                                                                                                                                                                                                          SHA-256:A9FAABAEE11FDCE6A16954F4B5ACFB8CCE82B956BDA8E36536E2FA2A5565833E
                                                                                                                                                                                                          SHA-512:F2DAB5776571D2A0E9AEDE01664B6191805AE484FD3016034BE1E0076BA4525EBEB769DD1D23BDF48D138D38433DA138C1C9D66465BE91CF4F9DC3CD837E0F38
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):809
                                                                                                                                                                                                          Entropy (8bit):7.639303591497463
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7lCOYk1ciPxiqauOsLcf/BKdfTXuFUm3BbtbGaOal/5pRFwvckbtyYyuRer4m:zDDFW8JKdfTYnbGRaZdFwvcUdRryyKx
                                                                                                                                                                                                          MD5:EFE373D58B121955066445DE9442469A
                                                                                                                                                                                                          SHA1:114C6A870D9A9F821C067D6B217069FB1F57B100
                                                                                                                                                                                                          SHA-256:C64F5652492178D3E77C358C8169200A819BE50AE557DC5A9D71C1F77AA2EC7B
                                                                                                                                                                                                          SHA-512:C78A74A1603DF60E1F24DCD3A19044C0402CFB3C02B35DF0E53813193E0DDD672A7AD53FCC7591E1ED57A39DA80704F70E853B2A3201F8FDFE6FAC7457417761
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1338
                                                                                                                                                                                                          Entropy (8bit):7.747124563344084
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:6lVM8MgSjOvbmMhbYy2bwlWsnPyP/dPgqk4ag90m2Tlk/Mo6C6sGZI5A1:6lyU+wD6wlWsatPgQvK1em1
                                                                                                                                                                                                          MD5:EB9DEAA140599B0AE5B6F17885BC4FEC
                                                                                                                                                                                                          SHA1:A48179DDCE06E34B40CCD002E8B57F6E6E43028B
                                                                                                                                                                                                          SHA-256:2F1115B9C1D70650B8459714A7C410A2629D1992A25E4AF9ECAAFA9CFA1254D7
                                                                                                                                                                                                          SHA-512:C90EEAD71CFC46EAB38DF0C380139E549EA64D6C320CFCBAC395AAC5DA905B35266742A751559176700FC54B73116085C93BF50891186E8D0C1CCAE6CACB8D4F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):253
                                                                                                                                                                                                          Entropy (8bit):6.644105823239495
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhP6rmoY0Xhvz23P4vC4IrRHUHThSJ8mlQBOkDwsup:6v/7yrnYch723P4vC4CRIQJ8UbN
                                                                                                                                                                                                          MD5:C0D25F09F63973E3E8D63929069E7BA4
                                                                                                                                                                                                          SHA1:AF6EEA179B40FEDF1BF38C863F2F0B11C63F4A8D
                                                                                                                                                                                                          SHA-256:11F9D1B451E5CB9A3C075387D56AED11AFDF5FF3ABC874B12221E695D5DF9C95
                                                                                                                                                                                                          SHA-512:3A6A05DEA9B818C5CE79586D5CE07DE4013020411D18A4F1AD5CEDD00AF0A57057F68ED22FDF5C592CCEBE7AE9E3FCE418097BC9BF6459672930D22F3F312B4C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):876
                                                                                                                                                                                                          Entropy (8bit):7.601096840987649
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7yGiKZNdq4nks6YBPK3ZreNaXduKACDu0eHZdZodawndtKOXDg0sOQpKwgLe5:nGi2qw56sSpCKwHZbMGOMIwOeahW9N
                                                                                                                                                                                                          MD5:27D78295C7BE72DFC4F9902DB999FE12
                                                                                                                                                                                                          SHA1:E83D516E4ADC19963C35BC621C212ED23AFA320C
                                                                                                                                                                                                          SHA-256:30B4A6C95A606AD8E9649F55DC9AA1020637ACF850D204E31904B7144BF4969A
                                                                                                                                                                                                          SHA-512:0DCC78AAFA8F45A428A348DB5D0C19A9427CF966AB4F7D0F7B2A009B730C6B7E93844A6BDBF70D332AD6336E38154AE8F2FC4D0ADE2740BBD2E771A26E39B33C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):254
                                                                                                                                                                                                          Entropy (8bit):6.547926800884188
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPLARehlh16BSVVCCVaWqsbfrXW2IK855/gt3tVp:6v/7gKhE0VVxaWjrXW225Yd7
                                                                                                                                                                                                          MD5:E63DA36F919735C308F3A549AB9DE849
                                                                                                                                                                                                          SHA1:D2E037B8FF7D52E8FEFD71334878FA68A083BA18
                                                                                                                                                                                                          SHA-256:84878E61F7605016611FBB49C07F1963C4823B41208162072FBCDA30963301B7
                                                                                                                                                                                                          SHA-512:6EF916C15958E7CDEDA1C6FEDB314585B2C1608936763E6E85877D3E25B9F0D76BB9340BD06F6AD251A363653415EB2CD41611EB1D203D13B190492BF45E6C63
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 4-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):257
                                                                                                                                                                                                          Entropy (8bit):6.415365056752292
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhPLARehlhx/ATmN3CexVXDfiJasfw6yvwM8p:6v/7gKhxR3HzfiJ3ov3u
                                                                                                                                                                                                          MD5:FC9C3BEA26774AC81478D5A102D2309C
                                                                                                                                                                                                          SHA1:475360264E44712708F262EFC5BA0173FC5B2A58
                                                                                                                                                                                                          SHA-256:98E8DD83FAC047B42FB3DE69F2733B87697CA8A33F54AE12E65D2D88867EF80A
                                                                                                                                                                                                          SHA-512:8EDEE937294990F49F1CE82A5F6A6CFE33594935991A0500B895389C4F78B45AD5E9B30B10FE045294DD2B9FFBBBBF47252E8EB8C33D92F69135ECDF2AB2549B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 33 x 35, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1551
                                                                                                                                                                                                          Entropy (8bit):7.792886790544157
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:ML/6UyaupoFkgoKOldzUIWx4HYAqmTq5Y0x7y/QDA9bJt+COW04/zPwNOh0dFakX:0/6UyBpoWtKOlnHHY7iKzy+CfMNOSQkX
                                                                                                                                                                                                          MD5:2FEDE459808D27D66E72CC141C247775
                                                                                                                                                                                                          SHA1:FE82356C019458249747C1FD9BA2635A8F697FCF
                                                                                                                                                                                                          SHA-256:8FA5D483D83FE4A9320D524A5396C6C4DF80F48E553B0FDF344B36576236ACDF
                                                                                                                                                                                                          SHA-512:EEDA47AB421CBC535BD30B374D6057BB8B5B2972B5A4564555E301DCD0400A34F99A988E828075BFF0D1198F22F7A47E5620B93B3053A8478E7A4D1DF08AA241
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 74 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):623
                                                                                                                                                                                                          Entropy (8bit):7.202049687689328
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7r5/6TFvNygZYD0yL0iRkl+V3tz1VNRJGhxNxNxNxNxNxNxNxNxNxNxadSQgu:e5/6rygZYDp0iRkl+9tz1VjJGhbbbbb2
                                                                                                                                                                                                          MD5:CA1794DACDF01801CE397608EF365155
                                                                                                                                                                                                          SHA1:C126DF19665BEB8F98FE19566611A39CD261A50C
                                                                                                                                                                                                          SHA-256:B4E6F75A256A8153AC362824A8B7DAA29C77008D812C78DDFA48F916A26C9F60
                                                                                                                                                                                                          SHA-512:9BEFA015DB39E33DF451F5FC0A2EFDE2B231398FC7AA1D9B5136A0736027B4D00DF352DEDA603F679B0296EB675937202035EF2850B50CE28D079966910CA55C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 2-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):224
                                                                                                                                                                                                          Entropy (8bit):6.463068668189326
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhP6suFh2DkA1u9mqw3WTKwyLJ8a0a2vro1X2up:6v/7yhFh2DpuYqw3qKzLJnI81X2c
                                                                                                                                                                                                          MD5:BC3BDEA5EF8793CF2437F69181BB01F5
                                                                                                                                                                                                          SHA1:7F37DBA2901F59D2976862C824A9068D02BAAF5C
                                                                                                                                                                                                          SHA-256:05408A124A293DF55CA5D3EB62F373C954075FC7EEF903C96F2559A9F3DBEED0
                                                                                                                                                                                                          SHA-512:82177628BAEC04A2D7FA320F5AE8BADC1525ABE8AF171D8BEA8439D390A5A931B66C9AF43349D3C1748A39BF691BDDAD7F3F29768829D986A08B9B767C9F2148
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 29 x 29, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):371
                                                                                                                                                                                                          Entropy (8bit):7.300004361961238
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhP2/2sN2+Dp4Fs/RHWkx2Q1evgQdWrqALFb2ktDPYPK7I5mGL/CYIYA8QvEl:6v/7HsQ+FasJF2Wey7LF3DWK7I5jGYIG
                                                                                                                                                                                                          MD5:3C059400E675F24F62F21A735D6D86A8
                                                                                                                                                                                                          SHA1:A1C8A945389171C2872BA7CCA7ED25BDBB245134
                                                                                                                                                                                                          SHA-256:9B6B13CF306091BE1274C62D0DD54003935CDBE2AFDDFA23D71BE3360E44213A
                                                                                                                                                                                                          SHA-512:3903DD82D4C03886E4EB4B3931FAE04B211D309CE9E8ED4D9A3D49C9B66AEC432C16834C387F4E84402E9297835FBE50B47BB3A182901BE9A214BD3331ADB82D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17475
                                                                                                                                                                                                          Entropy (8bit):4.348278578219007
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:LHq8/cRcYYcYrV2SDsb3I0+/wblTWOsG0A0+uWp:LILYLtO6bq
                                                                                                                                                                                                          MD5:D42367D4EB91F9CA6204EEECCF4823BC
                                                                                                                                                                                                          SHA1:BA8C790F54A5AD1A24F150A21211253B8F7CF966
                                                                                                                                                                                                          SHA-256:768085CBACE8854A3D094DC13FEDA3F1521D647176AF6822436D6E1F1EEA7E98
                                                                                                                                                                                                          SHA-512:5CC4E6866EF2530966662558FA3686AD9BD9C14F0DB26D6297FD94D5D36D85D9E22A49D370D0B1006FAC0B7443771EAA57A1868D2960A013FFFBE34FCDE1624A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtQuick.Dialogs 1.3'....Module {.. dependencies: [.. "Qt.labs.folderlistmodel 2.1",.. "Qt.labs.settings 1.0",.. "QtGraphicalEffects 1.12",.. "QtQml 2.14",.. "QtQml.Models 2.2",.. "QtQuick 2.9",.. "QtQuick.Controls 1.5",.. "QtQuick.Controls.Styles 1.4",.. "QtQuick.Extras 1.4",.. "QtQuick.Layouts 1.1",.. "QtQuick.Window 2.2".. ].. Component {.. name: "QQuickAbstractColorDialog".. prototype: "QQuickAbstractDialog".. Property { name: "showAlphaChannel"; type: "bool" }.. Property { name: "color"; type: "QColor" }.. Property { name: "currentColor"; type: "QColor" }.. Property { name: "currentHue"; type: "double"; isReadonly: true }.. Pr
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5169
                                                                                                                                                                                                          Entropy (8bit):4.536859187559398
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KZgUldGcQWEXgRNCyzWFjj7F6n6Qdt/CZny:KacGPRM2jY6Q6Ny
                                                                                                                                                                                                          MD5:2053BEB17775590145452FF08C214A2D
                                                                                                                                                                                                          SHA1:C659D1D8D08DFFDC300F4E285EB3C9515FAFAD73
                                                                                                                                                                                                          SHA-256:09C0F59403C883BE3DD866A2ADB6BE5F5BE40ED9ABF73109C87BA6627843F3FF
                                                                                                                                                                                                          SHA-512:1FA918BBD8752F61160C43438E0EE420A8ACCD2B44DACDE2D67C3E73C754F84990816EC7C24AFFB387328F4F4FD03B1AA8D91EAAAEE37E88844791FC959B6F77
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:DIY-Thermocam raw data (Lepton 2.x), scale 7168-0, spot sensor temperature 0.000000, unit celsius, color scheme 10, calibration: offset 37778931862957161709568.000000, slope 38092526512210224087040.000000
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10732
                                                                                                                                                                                                          Entropy (8bit):3.0252583497967533
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:LwQidxNOARtcSydoCbzUIy0Yrp8jGW465UNNEbY7g2esV/TmV/9WKFOUaSxq6512:DidxHR6D3sa8pVSVUmOUaUradJwaOg
                                                                                                                                                                                                          MD5:5937FDE2F76FC67466AC5B2FCDFAD1F0
                                                                                                                                                                                                          SHA1:56622543268C721463583D74B96979057A4D49AD
                                                                                                                                                                                                          SHA-256:9822F5573E499339A8852CABB24071529464878D156578FA1434EC817475451A
                                                                                                                                                                                                          SHA-512:19AAC457145B9D3CF6570FF3129AADE2868DCEAF850DD9B9D77A104B2B94E522376054A23952F3871C40F0661EF92583E167912D16179CCCFB97F896CC5ABB29
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2923
                                                                                                                                                                                                          Entropy (8bit):4.814473625804855
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLZO6E+iCshVKzlOWGf0hEVufy9LwM/iGyHzOyWa4rUsNklW:KZgUldGcQWB3C4sNk0
                                                                                                                                                                                                          MD5:84B553B79DFEC2754C249E7B1D9C9866
                                                                                                                                                                                                          SHA1:8FD19667062607A9221C2715930622A3F6D17290
                                                                                                                                                                                                          SHA-256:27EAD3D6967813CC5C72A357536D0353D6A6C44D5199DC0F7BC918993F3AF846
                                                                                                                                                                                                          SHA-512:98F111F4183E3D94D9D33DA91A128D3855A8028B5C59052E2E318DB5D053D6BE9A08ADAF55B4448E5767AE7BC994D8AC7E2D5E0AA0ECA54E3FD2AF6EFA53A2EF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5116
                                                                                                                                                                                                          Entropy (8bit):2.8116398092755834
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:/LwWmyIHHEGEbB7gR6YJH+sdq+mNIs3twa6/avL4B2/lw/1:jwWXrFSCnK2a
                                                                                                                                                                                                          MD5:1BB933B05546B77FB5AA50E21CE9D69B
                                                                                                                                                                                                          SHA1:C24C8181D3DDB0BC525256DACC8C9252FB0A8285
                                                                                                                                                                                                          SHA-256:93A064D4CD37A179BEA7FEDC959E32391990C8D2E08F98161FEEA6A695EB2CC9
                                                                                                                                                                                                          SHA-512:E476DF269C1E25A800F49883783D807199C8AEF170E3F5F46CC67B8FEDD57247425B1F129973A4CB731B04D8139E1CDE4950C5F5DA634315352E8F01DAC3A8BA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2578
                                                                                                                                                                                                          Entropy (8bit):4.882779279619284
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLZO6E+iCshVKzlOWGf0hEVufy9nCfpAloH:KZgUldGcQWV
                                                                                                                                                                                                          MD5:73FA314C522EBE80DC8F040691686A0A
                                                                                                                                                                                                          SHA1:5497551F284B4001EA41351BAEFAD32DFBBFA9D7
                                                                                                                                                                                                          SHA-256:C97B15440CF90EABF155D6EA8DBD58FE9821D0D4A5B7688EEA84432CDF5E92DC
                                                                                                                                                                                                          SHA-512:DFCD5C6DF85162CA533326C87F9CE1F132ED5A85B192C9F838A419F7F329C63966A04641ACFAD8B15568149D992C33EFA9B3A1AFC094E2BB4BA43BE57794C166
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3976
                                                                                                                                                                                                          Entropy (8bit):2.809891008182157
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:FXggx/SAWhnSoJ1H+DUDfkk7xDXaMDnnrXBC9/f2jAHzDajUsZ0t:tggx/SAWhSoJ1eDUDfk6VxCF2UHA1u
                                                                                                                                                                                                          MD5:6D5FC7DA5BDA5F351DE6A81C57DB595C
                                                                                                                                                                                                          SHA1:A1B8BA3366834C19250F2E493BB7DF7A3E6BEA1D
                                                                                                                                                                                                          SHA-256:F6FD689ED1C8A89B77246B2CBCC45818329EA2ADD91D7EB9827B91A8C5758AC0
                                                                                                                                                                                                          SHA-512:A3901F22F1A8024C2DAE619467DD20532B426C961506D8193415F8138B8327833BAA1944E0BF48EB5EF352D794B2A97789664CC1C8CAA8812483F5B509F2B7E5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2253
                                                                                                                                                                                                          Entropy (8bit):4.856978310285491
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MLZO6E+iCshVKzlOWGf0hEVufy9XklypC8Uy:KZgUldGcQWqPF
                                                                                                                                                                                                          MD5:D8710E02063FBE1B4067C084AF031FCB
                                                                                                                                                                                                          SHA1:3DB05373A09ED4A0223228950A145E1F0FF9D2EF
                                                                                                                                                                                                          SHA-256:9E11B7F60E9FDE3C7F923801F226C2211024A1BEDDE78CDFCA94162E53B6CD2F
                                                                                                                                                                                                          SHA-512:FE17C421DAC0F2A31536580F7188B3522379C29BE686C6335D6231FA09F5E8E4DE8B45B0ED6D991A23C8E3794953F2C4F51FF6EEF6DF4FC1B163310F457FA871
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2476
                                                                                                                                                                                                          Entropy (8bit):2.6851163636343753
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:NRsZpj2P93zOEmtK/NMbUAJUBk7xDdQDUDyk8CuFwC4GHug0CIYRseu82:N8BUsEmyedSk7xD2DUDf81FwMuCI7382
                                                                                                                                                                                                          MD5:BC90F71DD5CB99DFB9A095222A6372A9
                                                                                                                                                                                                          SHA1:D7F6C479538C1EBC512542935E176E0EC6064E27
                                                                                                                                                                                                          SHA-256:7C67F4595EF8E0385E8FDBEDD2E2670CA341B0ED45A5C4C70117C701CAFF19B8
                                                                                                                                                                                                          SHA-512:98064952FDB84EA7128B23FB1EF8CB46D1B16330BF33225AD70B359FF856AD565AA61DAF739F58B204206577BB5E08CB6C94373F03789B8D11092000CCC0BDCC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:TrueType Font data, 16 tables, 1st "FFTM", 18 names, Macintosh
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17372
                                                                                                                                                                                                          Entropy (8bit):6.495131950326858
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:GIt1+g9anyxdW0bfQOHib4pD7CpbiAK8Di7TZDIc5DXR:GItJjdW0bfQSpp2bvuygDXR
                                                                                                                                                                                                          MD5:0602541849C19734D8FE4B0357EF96AD
                                                                                                                                                                                                          SHA1:F8059C6F4D69F99BEDE1953DD8E092D09A2A58BC
                                                                                                                                                                                                          SHA-256:BC9A94815F9FBDAAC280F0793BF10EE347262EAF99F869BC1027E61C7DCD5BB8
                                                                                                                                                                                                          SHA-512:0A07486F4D34CC3A3F1AF71F4C99DD12DD230CC36690DBA5A4A3B1002D1F5F8D20007D0AF43878C680824F47950BE9E4BA2A89FDA2227A3E9EC9670126FB5295
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):103
                                                                                                                                                                                                          Entropy (8bit):4.4938650535504765
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:IlTFBuRKL2ETsGQnERKL2zYsoE8FnQi6g0y:2TyQzgGy4Qh5nB0y
                                                                                                                                                                                                          MD5:F69C5417FDACE8F0FE5777F919F0CC6B
                                                                                                                                                                                                          SHA1:31188CB3833AF3D00E7684598AF82605C486FC87
                                                                                                                                                                                                          SHA-256:F1DCCB2C3B5146E810BD0A09F666FF7487AC01F30EBA79F299405E24E03ED3B2
                                                                                                                                                                                                          SHA-512:25DB3A52CE7CC41BBC998387D370CC94BAF201064BF369B34B4B48DDF3B1965F1DDB635AF0CDEDAE2644502A21CE09117AA66BB28F1F1ED80F11C2E4F5D3F41C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:ColorSlider 1.0 ColorSlider.qml..IconButtonStyle 1.0 IconButtonStyle.qml..IconGlyph 1.0 IconGlyph.qml..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):295
                                                                                                                                                                                                          Entropy (8bit):4.672674055701312
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:xVa6zeRxMe8oOP2Jz+keSADPTOsysm8ovyda60yHydfa3Cj98Vv:xleXMCbJfebOsRm0hw8F
                                                                                                                                                                                                          MD5:07EE308A95E51E1307173609A33797BE
                                                                                                                                                                                                          SHA1:22F129C701128699D7F9D2ED61C7E63D41A83D87
                                                                                                                                                                                                          SHA-256:DFB9687DA7EF6417F14A2BD5972E0B801535A80017DC8E8C0C7E6553E535EA30
                                                                                                                                                                                                          SHA-512:79442106707AE1716495AF3797D02DAD57E9F60881D52B90DFC237E5536CFB01197B2FC30D0292D2F7A8F691C3B6679043181610127B237CE36804B44401DF35
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Dialogs..plugin dialogplugin..classname QtQuick2DialogsPlugin..typeinfo plugins.qmltypes..depends Qt.labs.folderlistmodel 1.0..depends Qt.labs.settings 1.0..depends QtQuick.Dialogs.Private 1.0..depends QtQuick.Controls 1.3..depends QtQuick.PrivateWidgets 1.1..depends QtQml 2.14..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4729
                                                                                                                                                                                                          Entropy (8bit):4.499794536623487
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:1uxcACwWq5iEgipiKoorzq8vOuNrtvgIOJ0eKJibiy4lw3yL:8qACwWWiEgipiKoorzq8vTNrtvgIOJ5u
                                                                                                                                                                                                          MD5:CDC32B98C2A680E6E33B943263EF405A
                                                                                                                                                                                                          SHA1:69B1022A07B2414B3E41EE25C84DC060B0D10C85
                                                                                                                                                                                                          SHA-256:969F62515DFAEF072E1AEBFA8DD34A8C543D92DC623CB93B3ED3A974C80E2E13
                                                                                                                                                                                                          SHA-512:C8F9C1F34AB8601CC9BB4803AA15C7786615D07BE2E678D1913AF3FCA695ACE1F0ED3FA1F758E75F42B81F946DA74DECBC2338226B9B6A468DB951A2CAAB9243
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: ["QtQuick 2.0"]. Component {. file: "qquicklinearlayout_p.h". name: "QQuickColumnLayout". prototype: "QQuickLinearLayout". exports: [. "QtQuick.Layouts/ColumnLayout 1.0",. "QtQuick.Layouts/ColumnLayout 1.1",. "QtQuick.Layouts/ColumnLayout 1.11",. "QtQuick.Layouts/ColumnLayout 1.4",. "QtQuick.Layouts/ColumnLayout 1.7". ]. exportMetaObjectRevisions: [0, 1, 11, 4, 7]. }. Component {. file: "qquicklinearlayout_p.h". name: "QQuickGridLayout". prototype: "QQuickGridLayoutBase". exports: [. "QtQuick.Layouts/GridLayout 1.0",. "QtQuick.Layouts/GridLayout 1.1",. "QtQuick.Layouts/GridLayout 1.11",.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):130
                                                                                                                                                                                                          Entropy (8bit):4.486904883928531
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BVq+sCeUUucMjQCzvyWmopjD+RLV06qWoZAhoAw:xVqeeUUurjQG8oF+keSAho5
                                                                                                                                                                                                          MD5:E9CA7D1D1F439C9BE217759F619BF102
                                                                                                                                                                                                          SHA1:C8569CB2A6FCB910121AFE65CABCEA65D28375FF
                                                                                                                                                                                                          SHA-256:CB585C2FC06EDCA4B95C9EE04017CD384CAE70356E8DD468ABD7C4FD1E640B59
                                                                                                                                                                                                          SHA-512:A4F1D3D8B825F9B7E9BFD0C7FBAFD7CDF379C28BFBFD8C78DEC27546EC0CCC3871CB9B69DAF12D0A262756593B39E28D47344C075AAAB68998545638BCF214F8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Layouts..plugin qquicklayoutsplugin..classname QtQuickLayoutsPlugin..typeinfo plugins.qmltypes..designersupported..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):78456
                                                                                                                                                                                                          Entropy (8bit):6.448742011076949
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:Jo5sGJUXCSMofxJ7NP8shTYsUGTeX3FzmvOolKB9EfW5P:JEEFRJJiGT23EvORB9/5P
                                                                                                                                                                                                          MD5:F583F86DA65F7DCCB5C9662642D2EA76
                                                                                                                                                                                                          SHA1:E7899F27F810492EA1FB1E9335AAE4542932D65F
                                                                                                                                                                                                          SHA-256:538320755721C8B5E53B17BBB093701205DE50B45332D641BB2036372EE0B893
                                                                                                                                                                                                          SHA-512:6A60DC576F9214E65D17B6E707DE715659BC97F68C3A2C7F63A5D73F4875FA1CA02713124D3F67CF1DAB560E8E88E54DEDCF1BFDD7EC400F4D219C8C9373C50A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):129347
                                                                                                                                                                                                          Entropy (8bit):4.353850126184248
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/w4mzWW7TUwVrpPFKR8wEsCrO413mtCChAIwU7kowHCCRO:/w4mzxPUw2EsCrO4ZQSU7kvHCCRO
                                                                                                                                                                                                          MD5:E2B590A1F1A8596F646D7E4993BCBB43
                                                                                                                                                                                                          SHA1:2FC7385058C8C55CB75EAD3A62146C9179C04CF3
                                                                                                                                                                                                          SHA-256:5DF0927CE02B8C4FB28DD932F41977019329B2A348E3CC1420819C719460CE6E
                                                                                                                                                                                                          SHA-512:77C43A95B884D99F26BC9ED2078DB759DFE3005A3855822E178D290DD653AF6A3668662CCAACFC7C7ECA3D914E1F23F9CD49AD2F8A2B4A30DE9034028F90EDE9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Templates 2.15'....Module {.. dependencies: ["QtQuick 2.9", "QtQuick.Window 2.2"].. Component {.. name: "QQuickAbstractButton".. defaultProperty: "data".. prototype: "QQuickControl".. exports: [.. "QtQuick.Templates/AbstractButton 2.0",.. "QtQuick.Templates/AbstractButton 2.2",.. "QtQuick.Templates/AbstractButton 2.3",.. "QtQuick.Templates/AbstractButton 2.4",.. "QtQuick.Templates/AbstractButton 2.5".. ].. exportMetaObjectRevisions: [0, 2, 3, 4, 5].. Enum {.. name: "Display".. values: {.. "IconOnly": 0,.. "TextOnly": 1,.. "TextBesideIcon": 2,..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):121
                                                                                                                                                                                                          Entropy (8bit):4.495667221834466
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3BVGIjNzeURdUEmsQPcvyWmop8NMXKyxRSfL8SFzy:xVGIjxeUzDz8o5XDCPJy
                                                                                                                                                                                                          MD5:7BE62FE11F4EF9F5E2D21B302503CF4A
                                                                                                                                                                                                          SHA1:B0E22A9D9DE1E25D8F469F59246EEC7EF015A5AE
                                                                                                                                                                                                          SHA-256:45E9D25A1FB0BEE1D44997F86628105814C729929883AC0F4E13BB06496D4461
                                                                                                                                                                                                          SHA-512:FD47123EF70423AD31014922EAACE41697F6AC450E06F5ED3A9C63DF23B621DA08B2D491089AB84577810830D3F985797ADC4987848FAE60F141885C6FC4B3F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Templates..plugin qtquicktemplates2plugin..classname QtQuickTemplates2Plugin..depends QtQuick.Window 2.2..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):282744
                                                                                                                                                                                                          Entropy (8bit):6.524066760497882
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:fc984RKqScsdMQxgcyiCQpZSfyPu5UUh1TROfiVqRXWvTAyuOtVjIUJO31H4VhVC:fa9yBEDswBEBndBeLy
                                                                                                                                                                                                          MD5:DFF5F0B42EC6A3F6D72C15AE34C9568F
                                                                                                                                                                                                          SHA1:E94E09E4478806B3CB50340FAA24674E09E43B05
                                                                                                                                                                                                          SHA-256:E66EF24269067F10A839F009752B3C284356AF9B479DDC27EE4086CFF60466B7
                                                                                                                                                                                                          SHA-512:0302A791342479143AC0F92F9E48B3216A2DC6D576E749BA79DDD54F434DC11B6D3D1D1B03D14CE532F144CC638C74567A7015C0212E48B31526CEA78F6F69E4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14715
                                                                                                                                                                                                          Entropy (8bit):4.185372616992825
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:RyfyibkrKyT5yi+DlslXglI3l8lRlzl8lhlilGIl8lml/4ly4lETohsMi3ideb3e:fOAqDStCRS
                                                                                                                                                                                                          MD5:F0DA864D2BCDB12D5DF2429E1568D916
                                                                                                                                                                                                          SHA1:862ACDDD835D9DB8C6C026C712269FE673B3E6F2
                                                                                                                                                                                                          SHA-256:73DF254FA19AA35EB6CD7A22D0DB32E980EA1C86654C10AB8987FCDBB4418396
                                                                                                                                                                                                          SHA-512:7B3C2D37100412E87E6B271BCC235BBF652C05D71B36B2B57534ACA3A7B701D452F1E46C90B031B9562F1EF8AB8DFF07A7A59016B2E210BD8D60EF8D3274F024
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: ["QtQuick 2.0"]. Component {. file: "plugin.h". name: "QQuickRootItem". defaultProperty: "data". prototype: "QQuickItem". Method {. name: "setWidth". Parameter { name: "w"; type: "int" }. }. Method {. name: "setHeight". Parameter { name: "h"; type: "int" }. }. }. Component {. file: "plugin.h". name: "QQuickScreen". prototype: "QObject". exports: [. "QtQuick.Window/Screen 2.0",. "QtQuick.Window/Screen 2.10",. "QtQuick.Window/Screen 2.3". ]. isCreatable: false. exportMetaObjectRevisions: [0, 10, 3]. attachedType: "QQuickScreenAttached". }. Component {.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):122
                                                                                                                                                                                                          Entropy (8bit):4.531514845496093
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module QtQuick.Window..plugin windowplugin..classname QtQuick2WindowPlugin..typeinfo plugins.qmltypes..designersupported..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):43640
                                                                                                                                                                                                          Entropy (8bit):6.240279259880374
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13525
                                                                                                                                                                                                          Entropy (8bit):4.017315814696107
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: ["QtQuick 2.0"]. Component {. name: "QAbstractItemModel". prototype: "QObject". Enum {. name: "LayoutChangeHint". values: [. "NoLayoutChangeHint",. "VerticalSortHint",. "HorizontalSortHint". ]. }. Enum {. name: "CheckIndexOption". values: [. "NoOption",. "IndexIsValid",. "DoNotUseParent",. "ParentIsInvalid". ]. }. Signal {. name: "dataChanged". Parameter { name: "topLeft"; type: "QModelIndex" }. Parameter { name: "bottomRight"; type: "QModelIndex" }. Parameter { name: "roles"; type: "QVector<int>
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):128
                                                                                                                                                                                                          Entropy (8bit):4.415318118360758
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module Qt.labs.folderlistmodel..plugin qmlfolderlistmodelplugin..classname QmlFolderListModelPlugin..typeinfo plugins.qmltypes..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):52856
                                                                                                                                                                                                          Entropy (8bit):6.423874077004756
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1131
                                                                                                                                                                                                          Entropy (8bit):4.265226415596101
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: []. Component {. file: "qqmlsettings_p.h". name: "QQmlSettings". prototype: "QObject". exports: ["Qt.labs.settings/Settings 1.0"]. exportMetaObjectRevisions: [0]. Property { name: "category"; type: "string" }. Property { name: "fileName"; type: "string" }. Method { name: "_q_propertyChanged" }. Method {. name: "value". type: "QVariant". Parameter { name: "key"; type: "string" }. Parameter { name: "defaultValue"; type: "QVariant" }. }. Method {. name: "value". type: "QVariant". Parameter { name: "key"; type: "string" }. }. Method {. name: "setValue". Parameter { name: "
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):107
                                                                                                                                                                                                          Entropy (8bit):4.282225142848317
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:module Qt.labs.settings..plugin qmlsettingsplugin..classname QmlSettingsPlugin..typeinfo plugins.qmltypes..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):35960
                                                                                                                                                                                                          Entropy (8bit):6.394597927048915
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):143016
                                                                                                                                                                                                          Entropy (8bit):6.608198085006274
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:66w9LndvyHLczOspva8ntkKhlYtzhBRzuWciMPKL42HJTb8WHT9RSMBCbS8nF+:5w9LnQQz3S8lYvqWTMPeH7SywfnF+
                                                                                                                                                                                                          MD5:F130B346B2A5E67DE0AFD459D9A3A1D6
                                                                                                                                                                                                          SHA1:6BE38CFF4C02B244A1ECEC247BEA2153A6B34BB6
                                                                                                                                                                                                          SHA-256:6E430C27DE62D7FB13006D5E4DCF1E9D5F903E4B5473C01FA10DB4DA6B6725B4
                                                                                                                                                                                                          SHA-512:D62CE04834C7DC22C0A41B317F8306ED7CC41253B65AD7AC3860D7C2322CD8BBB40013F7826643D9F1E6449149E9C5FC31E9717CE4927BB768BC92FA74A64B0D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3466856
                                                                                                                                                                                                          Entropy (8bit):6.444422172074855
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:PyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQ6:E9fWAwVBC8MH2JNSF8+YPsXqUT6
                                                                                                                                                                                                          MD5:C5B362BCE86BB0AD3149C4540201331D
                                                                                                                                                                                                          SHA1:91BC4989345A4E26F06C0C781A21A27D4EE9BACD
                                                                                                                                                                                                          SHA-256:EFBDBBCD0D954F8FDC53467DE5D89AD525E4E4A9CFFF8A15D07C6FDB350C407F
                                                                                                                                                                                                          SHA-512:82FA22F6509334A6A481B0731DE1898AA70D2CF3A35F81C4A91FFFE0F4C4DD727C8D6A238C778ADC7678DFCF1BC81011A9EFF2DEE912E6B14F93CA3600D62DDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32888
                                                                                                                                                                                                          Entropy (8bit):6.346916120757264
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:tUloNMPxQCjXHAjBrqzhG+2iDG4OeEUX0OGthZNkmzh:tUSSjXyqtV2iDG4OeE00OGthfl9
                                                                                                                                                                                                          MD5:A7D24E2226FF09208E22FC6F70BF0DE7
                                                                                                                                                                                                          SHA1:D183A06CAAD8E22B8A3B3DBEBA07E6B43D0D8AF6
                                                                                                                                                                                                          SHA-256:6356257682FB64D28AD68DEBEA96E1A0104C273E8838953459A110933F0A84BE
                                                                                                                                                                                                          SHA-512:017F52FC7069950F1A125F866057739E121525510232595CFDBC7E420BFF6AE1F1E72E3473FADC2A7A8A6A8C632B8B9781639A3F6408AAFB55C65DFBC89A16B8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):372344
                                                                                                                                                                                                          Entropy (8bit):5.643261443998488
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:FxR84U9TnBEMOMiotCktRTcsLUaEL3lsVTFlXZVctk3cl/m8Zv:FlUFYktRfaslPwv
                                                                                                                                                                                                          MD5:35AA301AF3284B1349C4229B8937C895
                                                                                                                                                                                                          SHA1:C14051DA721E891A28EA2D4EE23678B7048D4324
                                                                                                                                                                                                          SHA-256:8A7B522660C91AA5463C5A9534C9B4959E3055448E6B9428ED8F1352549B088C
                                                                                                                                                                                                          SHA-512:A023A17A6AE626269B851C4E4BE15CA1A860E357036697201510F890FA3BD16B45D786011C2DF452183DBF6941DB21B7CAB88D6F54A6D08F3826E51AA1C65F2D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21624
                                                                                                                                                                                                          Entropy (8bit):6.335138990058209
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:sMzcGfljVpowLjd265DovnfePPLTTjakP:7cmHpowLjM6ZovmzB
                                                                                                                                                                                                          MD5:E0E4011346A86083A0EC8EB01136D0BA
                                                                                                                                                                                                          SHA1:B9FB0D74C5CB3749D1838CAC43F08F6718216970
                                                                                                                                                                                                          SHA-256:411966CE4F8FEBB2FE3AB84B97ED9FB9062AB60C6211FC3B3E4A25A5EE607ECB
                                                                                                                                                                                                          SHA-512:959708C61CDA4E51074C29B23ADD0AC5F2EB86EC5C6128EE35214D7130D94A8A85BD97697DC0F447A1BFAFB886E995BF6E63E0FE56BE182ABCDE60EDE9C13F43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2925688
                                                                                                                                                                                                          Entropy (8bit):6.529644561772599
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:eOqGmGKva4l6Q35w+wt0fU6tNPnIQQVe1ebDrSsfS1ke:nUlfJw+jPtZnPQVe1eg
                                                                                                                                                                                                          MD5:CB9B4E963A78FBFB70E13BDF30509235
                                                                                                                                                                                                          SHA1:51F79DDFE15E18439E0F9B9291FB389378788235
                                                                                                                                                                                                          SHA-256:DE7DABF9C1BC8D0BF448EFAE15F9FBB32FA3BCD0DC676F1F7696B8DE0662B6F4
                                                                                                                                                                                                          SHA-512:FAB47EA198A92E595E97EC00C1A7BF7F28140812C1AD3B858BECBA0D90581B36BDF9A5308037BE01234B299ED30F9EB76D654D594D239897EA7226BF71C6C017
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2572288
                                                                                                                                                                                                          Entropy (8bit):6.228854695457455
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:zjx8dBGfQB1u9mNSFOOSv0M+8F4lg1CPwDv3uFZjNsr:zjx8XGoPOXM+8j1CPwDv3uFZj
                                                                                                                                                                                                          MD5:D588D5B4162D2C66071A171A903AC8A1
                                                                                                                                                                                                          SHA1:609014CAEDBCDBEC2545183519A7F9949838BF52
                                                                                                                                                                                                          SHA-256:F1B06DB34B6BC09738FA66AC2103F7F47BA58F9BB6D1A518112F42846B6DC8EA
                                                                                                                                                                                                          SHA-512:C6238D1692589EAC2AD15A79817D2CFC068DB0EC6FF77F543C5837DEDDF1E4CFFCF9C851FDB30AC295384B74397E218C2E5F5D60BFA132E5F6C7A23D314E468C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):395840
                                                                                                                                                                                                          Entropy (8bit):6.649489147346388
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:TmSw8G4TKuYmtegamcAWcim56NweeJRm5uDQqTDKuO7EKTzzsGY:ySJPYmIvufm5uDQ1TY
                                                                                                                                                                                                          MD5:E5064ADFBC48E3FB81F09E7B8E78D49D
                                                                                                                                                                                                          SHA1:887FD08CB3C2989A9D88ADC9717D3EC00AB97462
                                                                                                                                                                                                          SHA-256:4BFCAEE356CF1B99D3DBC03D42018FCFC29271C6A72B373343D24C45A7569489
                                                                                                                                                                                                          SHA-512:0ADB6675AD6DE574C4CDBA3E48CBB37901E6E8EF37A92B481D441A6DAFE2726BB9432B7DB7612040FF30EC490D8EBDC0EB8BDD1AD58B9BB53EAB905934679A93
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):535040
                                                                                                                                                                                                          Entropy (8bit):5.7142547623734785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:OYS5Z/y5LERhWYyimYkZtmjQ95sU2lvzg:OY4pyVIkKjKyU2lvzg
                                                                                                                                                                                                          MD5:4A1BD71115017098E6B75570A61B6DC3
                                                                                                                                                                                                          SHA1:C8B54B50091CCE9F963EE6CC4E91DF328C564C9E
                                                                                                                                                                                                          SHA-256:244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F
                                                                                                                                                                                                          SHA-512:1AE19F5FA4AC2559AC910824A159A2265BE1B895EF56E8D7F7A5A999DA198F01FD0536534BCD6A6039DABEBA74D2A308FF137D5A699892C3C8C0CD5B84EF3266
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6217208
                                                                                                                                                                                                          Entropy (8bit):6.070211079857083
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:EDZ+V+Dhx32N7bK4tpJ5+8kRJ0o+dEZCNuIO:E8V+1x32N75tpJ5+8kRJ0BE84IO
                                                                                                                                                                                                          MD5:EA7ED078C57A91C931B9456385274F98
                                                                                                                                                                                                          SHA1:1B03A46A6F9C3AB0729F72BDFFD27AE341F0264D
                                                                                                                                                                                                          SHA-256:45EB78E11449D6BEA6D986C0DF46F353061DFB2BF7721146B297ABF652673603
                                                                                                                                                                                                          SHA-512:E339859EE994DCDB91D2ECDC01FC442F03F99C48E7662987D04D3B6FA2DC2F6143DC4F9990BE3A17997C4906387EB283982CF05ECD9737D4F04122BC93EABD90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8401400
                                                                                                                                                                                                          Entropy (8bit):6.343180422651724
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:Nb7gZJYED6cMBHwexEiElQ8V+1x32N75tpJ5+8kRJ0BE84Ik:Nb7gZJYED6cMBHwexFE2ti5E8g
                                                                                                                                                                                                          MD5:4838EAD50C839748321DCBE06D387488
                                                                                                                                                                                                          SHA1:D97BD40782EDB8534CD5BE9C09BA60071C9F95F3
                                                                                                                                                                                                          SHA-256:001CB459AD0D0A9DB55707A5545EFDAC5706920D6C8FC1B6F19788F807114EFE
                                                                                                                                                                                                          SHA-512:672E49CF0CF5A1121D18A93945A7AB9D0E8AB153E960D1A60D8FBF58F1A55C09EFDA206595C401BCF6F6626A0AA76672037BB22D8C76FB63D5560AA72E25C0FA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15995904
                                                                                                                                                                                                          Entropy (8bit):6.353584600934879
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:rNkEXgt/UOdyRLjqkmbBDrta60HYUnuedxO0g//NuPyEMO32ovq:rN1QtXdyRLjqNbBDrta60HYUpO0Q/NuZ
                                                                                                                                                                                                          MD5:8B197F55264A44B7B25046F7BA5BD7D2
                                                                                                                                                                                                          SHA1:CEF69E168160968E00FFFFA136E1AF7819E7C0CE
                                                                                                                                                                                                          SHA-256:25AE7577E066FA80519A8F1C314B15CDD22E4A8D3ECD2A36ECCC79E40714A91D
                                                                                                                                                                                                          SHA-512:6AF2B1B17A7E3460099359A6750221AACB8F9CE0E80B346DBAFD2CBD8E579543B980F98E0AEB199E0781A045C9D6A7F2F11C8628F960C13550328487B7FA9154
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1240184
                                                                                                                                                                                                          Entropy (8bit):6.834178641612678
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:X3egriwnmpC67XXG3dD05X3+sB/ChoVPAQmbZUTDd:Xm43WxL6uTp
                                                                                                                                                                                                          MD5:1E6793D71EB9DEB7AD943AABBBB17240
                                                                                                                                                                                                          SHA1:0132E7D887C4F6F4C41D5E685644FD8C700D87FE
                                                                                                                                                                                                          SHA-256:6B9E0CC5F72B8FDDD16AE0EF7A14E64BC0EAFCDB4D5F74B2C12194241D66407D
                                                                                                                                                                                                          SHA-512:E681370CDA413C90ACE86D48F7C769CA1121E55688EDDB6C46750F362498F30AA7FD5A7E1FE4FACD2BC8A2598F0BB37847B634C05963EAFBA6F0A8048B777D89
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):181424
                                                                                                                                                                                                          Entropy (8bit):6.355178616059097
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:cTfhJ/yAmYYG6o9fKoGQt6/qzEK1COmIi0RKvmkBajnd:c3mYMo9iabVfiUZ
                                                                                                                                                                                                          MD5:54E9828639D39704DE9ECC955A71EFE1
                                                                                                                                                                                                          SHA1:110AFF5704E13B9F81414D084D92054F3A28D970
                                                                                                                                                                                                          SHA-256:D08D70E7059021C98E7DC1B2ED1AC3649DE214D426060DBF8B61E9BAC427382A
                                                                                                                                                                                                          SHA-512:3715F9A8D167AD760EAFAEF8D3EBE6A9F548CEC252DFB18D3BF149DB60C83BDC4FBB5FBAB6B9B05A0EDA4DE9C1471C34549CF35AB6114599CA4E4BF3BA63EC6A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.26022303582626843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:QoFMUxuhugapagqKypepL4uOQVQQQlQGBQjQ/YyYHp6pvJaJWIOggIGOo4IAalBz:vFMhuF0Oj96JTJRuuyKPK5axx8EIF4
                                                                                                                                                                                                          MD5:54137BD12D90D5DA9BA3D748FB54AE2E
                                                                                                                                                                                                          SHA1:D7B51B98D1BF2C5BC7E2A654FA6DB6A7DE7A26DF
                                                                                                                                                                                                          SHA-256:57E453533DC10AD936296A8511C1621E1AE295F32801CF043EF254BA39B58E4D
                                                                                                                                                                                                          SHA-512:E36A294E426452B533CA74E55860BC90F5C48A648791DCC2EFFBD5964FAAAB48A0BD1FE8F46DD8D501DE2F2CD3995A4F3E7A05B48666B2CEC2AE91F6B1FC1919
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.i.s._.a.v.g._.c.o.r.e.=.6.....a.i.s._.c.m.p._.b.p.c.=.6.....a.i.s._.c.m.p._.c.l.e.a.n.u.p.=.6.....a.i.s._.c.m.p._.c.l.e.a.n.u.p._.x.6.4.=.6.....a.i.s._.c.m.p._.d.a.t.a.s.c.a.n.=.6.....a.i.s._.c.m.p._.g.a.m.i.n.g.m.o.d.e.=.6.....a.i.s._.c.m.p._.g.a.m.i.n.g.m.o.d.e._.x.6.4.=.6.....a.i.s._.c.m.p._.h.d.s.=.6.....a.i.s._.c.m.p._.h.d.s._.x.6.4.=.6.....a.i.s._.c.m.p._.i.d.p.=.6.....a.i.s._.c.m.p._.i.d.p._.x.6.4.=.6.....a.i.s._.c.m.p._.r.e.s.c.u.e.d.i.s.k.=.6.....a.i.s._.c.m.p._.r.e.s.c.u.e.d.i.s.k._.x.6.4.=.6.....a.i.s._.c.m.p._.s.e.c.d.n.s._.h.l.p.=.6.....a.i.s._.c.m.p._.s.n.x._.c.o.r.e.=.6.....a.i.s._.c.m.p._.s.n.x._.c.o.r.e._.x.6.4.=.6.....a.i.s._.c.m.p._.s.w.h.e.a.l.t.h.=.6.....a.i.s._.c.m.p._.s.w.h.e.a.l.t.h._.x.6.4.=.6.....a.i.s._.d.l.l._.e.g.b.=.6.....a.i.s._.d.l.l._.e.g.b._.x.6.4.=.6.....a.i.s._.g.e.n._.a.r.d.i.s.k.=.6.....a.i.s._.g.e.n._.a.r.d.i.s.k._.x.6.4.=.6.....a.i.s._.g.e.n._.a.r.p.o.t._.c.o.r.e.=.6.....a.i.s._.g.e.n._.a.r.p.o.t._.c.o.r.e._.x.
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.26022303582626843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:QoFMUxuhugapagqKypepL4uOQVQQQlQGBQjQ/YyYHp6pvJaJWIOggIGOo4IAalBz:vFMhuF0Oj96JTJRuuyKPK5axx8EIF4
                                                                                                                                                                                                          MD5:54137BD12D90D5DA9BA3D748FB54AE2E
                                                                                                                                                                                                          SHA1:D7B51B98D1BF2C5BC7E2A654FA6DB6A7DE7A26DF
                                                                                                                                                                                                          SHA-256:57E453533DC10AD936296A8511C1621E1AE295F32801CF043EF254BA39B58E4D
                                                                                                                                                                                                          SHA-512:E36A294E426452B533CA74E55860BC90F5C48A648791DCC2EFFBD5964FAAAB48A0BD1FE8F46DD8D501DE2F2CD3995A4F3E7A05B48666B2CEC2AE91F6B1FC1919
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.i.s._.a.v.g._.c.o.r.e.=.6.....a.i.s._.c.m.p._.b.p.c.=.6.....a.i.s._.c.m.p._.c.l.e.a.n.u.p.=.6.....a.i.s._.c.m.p._.c.l.e.a.n.u.p._.x.6.4.=.6.....a.i.s._.c.m.p._.d.a.t.a.s.c.a.n.=.6.....a.i.s._.c.m.p._.g.a.m.i.n.g.m.o.d.e.=.6.....a.i.s._.c.m.p._.g.a.m.i.n.g.m.o.d.e._.x.6.4.=.6.....a.i.s._.c.m.p._.h.d.s.=.6.....a.i.s._.c.m.p._.h.d.s._.x.6.4.=.6.....a.i.s._.c.m.p._.i.d.p.=.6.....a.i.s._.c.m.p._.i.d.p._.x.6.4.=.6.....a.i.s._.c.m.p._.r.e.s.c.u.e.d.i.s.k.=.6.....a.i.s._.c.m.p._.r.e.s.c.u.e.d.i.s.k._.x.6.4.=.6.....a.i.s._.c.m.p._.s.e.c.d.n.s._.h.l.p.=.6.....a.i.s._.c.m.p._.s.n.x._.c.o.r.e.=.6.....a.i.s._.c.m.p._.s.n.x._.c.o.r.e._.x.6.4.=.6.....a.i.s._.c.m.p._.s.w.h.e.a.l.t.h.=.6.....a.i.s._.c.m.p._.s.w.h.e.a.l.t.h._.x.6.4.=.6.....a.i.s._.d.l.l._.e.g.b.=.6.....a.i.s._.d.l.l._.e.g.b._.x.6.4.=.6.....a.i.s._.g.e.n._.a.r.d.i.s.k.=.6.....a.i.s._.g.e.n._.a.r.d.i.s.k._.x.6.4.=.6.....a.i.s._.g.e.n._.a.r.p.o.t._.c.o.r.e.=.6.....a.i.s._.g.e.n._.a.r.p.o.t._.c.o.r.e._.x.
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):263
                                                                                                                                                                                                          Entropy (8bit):6.0464226627668145
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:xdlwAa1gXDn+/ltelfslllYlXuVplllEzx0hhCxjcyqFhXUAKF8/Uc0Tvj+5Xlpv:9wZ6DnuKjeVRhkaFhia7Svjsj8O6Sn
                                                                                                                                                                                                          MD5:6A1910C51F39D1D89946615AD7C532F7
                                                                                                                                                                                                          SHA1:584530581F5F30D09859D3031595441CF9DDFB04
                                                                                                                                                                                                          SHA-256:8D5A3DE2B259D2C0FB35AD6D424FFA1DC00F890ACE85B7C37932AEADB6482359
                                                                                                                                                                                                          SHA-512:04FB819B28281D28AD0FC97ED3790223232C79DE19AE9826254DB144BA6F944C811A37C5F9E5ECC0C6E4DD6C283053C59360AA4D9A1023D17CEAC94A2A3F5112
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLEN....FCNT....FILE....%ROPATH%\BrowserCleanup.iniOFFS........FLEN....*...VERH........VERL........TIME.....W.TFMD5....IW.s.....Q....>.DIFT....DIFFBS[App]..ServerURL=http://bcu.ff.avast.com..S>...;.j........P.[#....K.I..6..........;?.R..o.i.#.x...I?n..ASWSig2B
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30411583
                                                                                                                                                                                                          Entropy (8bit):6.605637832559806
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:9rF/oBJxFrVJ1Cb5ffiFvxqaSZrQPQi+rUox996v36wF8VC7Y36yR8xYJbjsnaUt:9rFoJxZVJ1qfiFhr36pADeq
                                                                                                                                                                                                          MD5:B09C4EAD60A3DD41A84ACABE3993B97E
                                                                                                                                                                                                          SHA1:89A9D70CA9E8155E8540F13031F4F190C9F48301
                                                                                                                                                                                                          SHA-256:B8E5158DFF4394868F98CCD52A3EF27E7A7B1B64E159C6533CECE6CF467F587D
                                                                                                                                                                                                          SHA-512:AB45F714B0C07EE2BF432CCD67DA2967BF6C68C9AB2118B7526507515249FEE8DF7C95900A08C108D8CE54603A4DFC56F29307165B03871DCF6C25D8B6E7C710
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLEN....FCNT....FILE....%ROPATH64%\libwaapi.dllOFFS........FLEN....0)..VERH........VERL....S...TIME.....m.fFMD5....U.....c...ag.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwaheap.dllOFFS....0)..FLEN....0...VERH........VERL....S...TIME.....m.fFMD5......L..qJ...z.K.8DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwalocal.dllOFFS....`...FLEN....0...VERH........VERL....S...TIME.....m.fFMD5....b.)...fw..Cb.o..DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwaresource.dllOFFS.....o..FLEN....0.G.VERH........VERL....S...TIME.....m.fFMD5...........UV..J..DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwautils.dllOFFS.....tu.FLEN....0.5.VERH........VERL....S...TIME.....m.fFMD5...... ..X)G.)\...X.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwavmodapi.dllOFFS.....M..FLEN....0.H.VERH........VERL........TIME.....m.fFMD5....c..f..t...@...Y.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\su_adapter.dllOFFS.... C..FLEN.....A(.VERH........VERL......_$TIME.....g.fF
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1904733
                                                                                                                                                                                                          Entropy (8bit):6.902867665367206
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:X9pkDR2h5PNC4ogwxHe5bWUEFtOCZyPwKj0h0lhSMXlp5Kj15sgrfkh0lhSMXl3w:z8s5PNJoQ55E+2Kj5DKj/Nw
                                                                                                                                                                                                          MD5:384F6D47E83C343B8D3310DC8496D721
                                                                                                                                                                                                          SHA1:EA6A6E97CE28AE4BD3CF181C07F268200BFA953D
                                                                                                                                                                                                          SHA-256:850CB272BD8BC908EE863C1FA632550C0F070D895414913AC5A6B51A0573D391
                                                                                                                                                                                                          SHA-512:602D08C6D82DE746782C68998DC61597F1835ED15157BF92E2F64DF2F7390E01CF1624E5BD8493BD83123BF6221E908EF8F9F39EE4B48773934734E59CC6F674
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLENu...FCNT....FILE%...%RWPATH%\gaming_mode\dnddetection.datOFFS........FLEN.....z..VERH........VERL........TIME....sm.fFMD5......'c.].J....!.P.DIFT....DIFFBSFILE!...%RWPATH%\gaming_mode\dndrules.datOFFS.....z..FLEN........VERH........VERL........TIME....tm.fFMD5.....'..].......Y7.DIFT....DIFFBSFILE....%ROPATH32%\dnd_helper.dllOFFS....m...FLEN........VERH........VERL......_$TIME.....e.fFMD5.....:...UF..+..6.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH32%\gaming_hook.exeOFFS.....u..FLEN........VERH........VERL......_$TIME.....e.fFMD5....x[..8......B0.u.DIFT....DIFFPE2TEFL......?.....FILE)...%RWPATH%\gaming_mode\dnddetection.dat.verOFFS........FLEN........VERH........VERL........TIME....sm.fFMD5.........b.j...../.DIFT....DIFFBSFILE%...%RWPATH%\gaming_mode\dndrules.dat.verOFFS........FLEN........VERH........VERL........TIME....tm.fFMD5......B8..#...P.ou..DIFT....DIFFBS]....a.;..=........y...>D.M..7.......4S.........l.+1.1..l]|N...7...fx.).N.D.5.F.w......'..Af.>[.u\v.......
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10344892
                                                                                                                                                                                                          Entropy (8bit):6.261921990196348
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:dfvXR+jUc6JacFNC8xWmBLN36h8HfV60sWpQpM9ZMhrrL:xvXRcUc6Ja4tN6h8/V60TQpDr
                                                                                                                                                                                                          MD5:58C202A6D3447DCE8A411E63D4656DC9
                                                                                                                                                                                                          SHA1:CFB05CC81E40C07C351296D035C2F0DB38A6A6B1
                                                                                                                                                                                                          SHA-256:B089B507B5C8B8D9914FA3CEBA343E47BE6491DAA697EDB67EC366152C3C84CB
                                                                                                                                                                                                          SHA-512:AB268AFF5D039763BD3EDE81F719BDB85EFA4BCECD83E8E7B628B5327CEA82417D819EFF3B9F20C7FACA912DA4D5EE7AB0E730F09B03CA64F06F678B3A682273
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLENt...FCNT....FILE....%ROPATH64%\aswhook.dllOFFS........FLEN.....q..VERH........VERL......_$TIME....6m.fFMD5....j..l..N(8. .D...DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\aswidpm.dllOFFS.....q..FLEN........VERH........VERL......_$TIME....6m.fFMD5...../C.6.V.a.....DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\aswidsagent.exeOFFS....0y..FLEN........VERH........VERL......_$TIME....6m.fFMD5....Z..-..L..K.S.%.DIFT....DIFFPE2TEFL......?.....FILE2...%SETUPPATH%\Inf\x64\%PRODUCT_PREFIX%bidsdriver.sysOFFS........FLEN....8...VERH........VERL........TIME.....m.fFMD5........H..-.=..V..DIFT....DIFFPE2TEFL......?.....MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q.Cg?FCg?FCg?F..>G@g?FCg>Fmg?F).:GGg?F).6GMg?F)..FBg?FCg.FBg?F).=GBg?FRichCg?F........PE..d...nY.f.........." ...&............ ...............................................2.....`.................................................d...(.......
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1891973
                                                                                                                                                                                                          Entropy (8bit):4.12037090919453
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:JEGtO4dg0Qp0F0ExWO/EZy6L7PQHc5PLcPT5CdIz/8buLzQC3hQYR4lXcnyM:j
                                                                                                                                                                                                          MD5:88856CF9345EB14CAADD7B02E7B5067F
                                                                                                                                                                                                          SHA1:FEAFFA6024AAD9CE308206459D94907B1B41148E
                                                                                                                                                                                                          SHA-256:47CA79C1DB170514CB1E4A0DD747823EF6BB3AFF9B784C8BCDA040CC85724AA1
                                                                                                                                                                                                          SHA-512:5C3C348D529D053DDBE8F6C4A9D3AA69AEFF0CBFE97CA00E6BBE8C28C2F952D977E4006DC4999705902E6302DB080894DB860E72F8E23A4D36A10C26FC5F6779
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (517), with CRLF line terminators
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):61609
                                                                                                                                                                                                          Entropy (8bit):5.2298760272090865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:7fPll3KxAAAQh0nMFtbNZL03L8Xy2qMbNM2hKBHq7+Y22Dkcf0HVTtwO8QHawtO5:jtlkfrbGTK
                                                                                                                                                                                                          MD5:436C375C284053AED6CB83EBC44D105D
                                                                                                                                                                                                          SHA1:AF396B5C6AB9FF4F441C9935FFF7592083412931
                                                                                                                                                                                                          SHA-256:6FD779E6D1C4056BAB9EC5C06B81F9294AB918C1DEBF861F57032B17D58D9404
                                                                                                                                                                                                          SHA-512:E2699AA9B27BF22FF52D23168EBD6FB0CD436E9AFE24A22EC3F70AD1383722C3712319F07258C2BD701DC5E26B11B39151F9808A2D00B643E40606E412583541
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.[2024-08-14 10:40:53.868] [info ] [sfxinst ] [ 5820: 7100] [F8CC93: 992] --..[2024-08-14 10:40:53.868] [info ] [sfxinst ] [ 5820: 7100] [F8CC93: 993] START: Avast SFX stub executable..[2024-08-14 10:40:53.868] [info ] [sfxinst ] [ 5820: 7100] [F8CC93: 296] Entering SFX stub guarded code section...[2024-08-14 10:40:53.868] [info ] [sfxinst ] [ 5820: 7100] [F8CC93: 395] Running SFX 'C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe'..[2024-08-14 10:40:54.165] [info ] [sfxinst ] [ 5820: 7100] [F8CC93: 629] Moved extra data file 'ecoo.edat' to 'C:\Windows\Temp\asw.5463fcd871ea2a5b\cookie.bin'...[2024-08-14 10:40:55.260] [info ] [sfxstats ] [ 5820: 4396] [9A143C: 149] Statistics sent successfully...[2024-08-14 10:40:55.275] [notice ] [burger_rep ] [ 5820: 5112] [DC075C: 64] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70...[2024-08-14 10:41:27.990] [info ] [sfxinst ] [ 5820: 7
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):281
                                                                                                                                                                                                          Entropy (8bit):4.616432865037975
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:9KL/OW4Qg3IKw6B6Tjy0/ObSXj33g3IKw6B6Tjy3:8/d4n16q0/nzg16q3
                                                                                                                                                                                                          MD5:FC150CC41CC06A7D210B8298B3AFBE51
                                                                                                                                                                                                          SHA1:554F6AAFDDB58F69AD0809D74D872032DDEE0067
                                                                                                                                                                                                          SHA-256:01DB0E61617A7CE784115309D680ADFBD242F715501D1EEEF13DA9408C453F2A
                                                                                                                                                                                                          SHA-512:7B333DD106C1224411D9A7BAC4C7B5A184673A14F954C939E9BA2F89A3B69FDFDAF653F2A4B74F06D8F03F172232D7D877F76BE1AA98918B6C02291E2F525274
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.[2024-08-14 10:41:33.054] [info ] [burger ] [ 832: 4296] [C9898C: 55] Storage path was not set so neither stored events are read...[2024-08-14 10:42:00.858] [info ] [burger ] [ 5872: 1108] [C9898C: 55] Storage path was not set so neither stored events are read...
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):932
                                                                                                                                                                                                          Entropy (8bit):7.792158477432975
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:BqP6qqDREB9SAtwDHyhg4e14daecK9k8SFvUP/EPZGJMRB1:BMqDRgttwWKB1qo6HyZD1
                                                                                                                                                                                                          MD5:B35A21E9EDA762D69C031D6865EE52BD
                                                                                                                                                                                                          SHA1:46269ABC055B2A9E2953A3BFD2B135C3541683BF
                                                                                                                                                                                                          SHA-256:900F5B58D56E870D4C15D8AFDC39E9897CB53BEA26DC3EE6709B72E6C36AA313
                                                                                                                                                                                                          SHA-512:8FBDB1A4A3588A24ED0449AE4E8F5064B2E24EAC7978B9C1124BED1588ECB4C01BB870F60AF86ED392ABB4CF66A14EF0B4A2E860811AB2763137154EBD4766EC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1321
                                                                                                                                                                                                          Entropy (8bit):7.8559841382818325
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:BtRwRLLtmIyEjXN5PGmNtE0gxz5mRPg9hLz0yXVbGRUciHx8Uht:BtyhUIjXN1GmN29R0iRYaa2t
                                                                                                                                                                                                          MD5:C53675FDFC39632BD37B0B12AE909343
                                                                                                                                                                                                          SHA1:47F70FE4666D8C2863A97D3FBF8EA2B1F1F00ECE
                                                                                                                                                                                                          SHA-256:68204681AD2A44216ED3365401C9122837E82015815211F31641039CB36DB3AA
                                                                                                                                                                                                          SHA-512:5B2DA1FAB5D9ABAD5179AAD33D9F6E11AA6CBC9BC77FDBE778F62AC32EE9F3073158220F882C834018DFF4E0EC838C5B6391ECF814D03FD214E8AB7591A24D73
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):281
                                                                                                                                                                                                          Entropy (8bit):4.5653366452392214
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:4mHfka7UeAaMZKRLTKop1dHyLdyAawFxweuxDUEFBmHNZ7KfiAfn:/kaZdM0kood+wI9LBOZ2bn
                                                                                                                                                                                                          MD5:540AA403E48504AFB32836CF9706B2FC
                                                                                                                                                                                                          SHA1:0B2D48257D0FBD6401D87CAF0FCCE244BBF71554
                                                                                                                                                                                                          SHA-256:24FE06A383CC95BBC245E3EEDD20354FA7EBD32879302EDEDD721F26779CD8A6
                                                                                                                                                                                                          SHA-512:F70D874CA1539922A4E3938C4C63E678C7C09ADC9A43C78F576F5F46C73FA0F7C4974301FC8CC87EFB9A1EA3D2F10B5581EED181CB935F319589303CC4D8F2CE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.This directory was created on 14.08.2024 during the "DriverHub" installation process...The files in this directory allow you to unlock certain features in "DriverHub" for free. Please do not delete or change them...This directory will be deleted when you uninstall "DriverHub"..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4956152
                                                                                                                                                                                                          Entropy (8bit):5.665187093924865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:tNVEAGlOGZVaJHNNzjmX7/EtHb/FB5RaD2+ejVOMf4CLj22BWf7bK4tpJ5+8kRJZ:vDZ+V+Dhx32N7bK4tpJ5+8kRJ0o+dET
                                                                                                                                                                                                          MD5:695D468937F058F373463DE015D4E0AB
                                                                                                                                                                                                          SHA1:15DC1B7F3EA3B9DD2D283FDD1DFFBBDEC8E88DDD
                                                                                                                                                                                                          SHA-256:68BA91E5139E217607E970D2C6116FFF85BFE3F977360067DCFD6BEB1F67C6CC
                                                                                                                                                                                                          SHA-512:A5043F1B1C611AA03B556CD55DC99C438D6D45C3D92CD885F952C65AFC359F355E2BA59F315BF79B9D8CBC9640FC3D76D7430A22D638CE58D74655132770036D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4371
                                                                                                                                                                                                          Entropy (8bit):7.874805072953916
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:+Ibx3Vnv4TkHpJs4U0xydYfNBb6bXitj31JeQLllW8hNX3qFbVo8xRw+MIO:Vx1vM0DxyABeTwjfeQBlWgXXQRpMIO
                                                                                                                                                                                                          MD5:86B8A78FF2C8FD9386B45AA2B9DEC0B8
                                                                                                                                                                                                          SHA1:036B4794BD2BCB1785949B3C71A0B128256FBEEC
                                                                                                                                                                                                          SHA-256:1C6FB92BE713B71092FC63B641D2A893CE0493CD6DFBEA495E29B7E7F0E4FA87
                                                                                                                                                                                                          SHA-512:F3EC2B883B69022942ACA2E9CE52D2A0E7FC478BAF7F76383A174D57A0519EF7CACF73637FDFF5A5100979C28B8A6FFE3BA168794861088A2A59BC9D16B05D43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:Bright SDK logger..Build version: 1.463.822..OS version: Microsoft Windows NT 6.2.9200.0..Timezone: Eastern Standard Time (UTC-05:00) Eastern Time (US & Canada)..Build date: 28-May-24 11:11:43..Makeflags: DIST=APP RELEASE=y TOKEN_SIGN=y CONFIG_WIN_SDK=y OBFUSCATE_SDK=y CONFIG_BATREQ=y CONFIG_BAT_CYCLE=y CONFIG_BAT_PLATFORM=app_win64r_obf..Process: 4748 (admin) (elevated)..Consent: NONE (2024.08.14 10:45:18.000/NONE) (ORS8yMDI0LjA4LjE0IDEwOjQ1OjE4LjAwMC9OT05FTk9)
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):38912
                                                                                                                                                                                                          Entropy (8bit):7.9947372921935
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:5qdnvOvEHifXhITpZuakt9ke93WDdeicZNRBEnWWZOGSUYw:5invOsCpITruNZ9GxeiI9EnWWZXYw
                                                                                                                                                                                                          MD5:75304EE935FEAAD65483078EDF8252CB
                                                                                                                                                                                                          SHA1:F877C90A80D6AEADBE207164628A8BF0ED9C7404
                                                                                                                                                                                                          SHA-256:A53BFAF1CAD3A855C773C3D41ABACDD7A438C4181A5BEFF9309279F90C94351A
                                                                                                                                                                                                          SHA-512:11689DB8EE9F8EFD052A0D6C791FFF73849BB36818266EF3E63985A80C81EB6D4D1FBEF65DA1CD1EDAA384118DC4B98C6487400B08E4D5D137B3F61C92DE7B89
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:E:E
                                                                                                                                                                                                          MD5:0CC175B9C0F1B6A831C399E269772661
                                                                                                                                                                                                          SHA1:86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8
                                                                                                                                                                                                          SHA-256:CA978112CA1BBDCAFAC231B39A23DC4DA786EFF8147C4E72B9807785AFEE48BB
                                                                                                                                                                                                          SHA-512:1F40FC92DA241694750979EE6CF582F2D5D7D28E18335DE05ABC54D0560E0F5302860C652BF08D560252AA5E74210546F369FBBBCE8C12CFC7957B2652FE9A75
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:a
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                          Entropy (8bit):3.5479069076840855
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:SSEgQ0RkTIg0n:SyL5zn
                                                                                                                                                                                                          MD5:1D51978CE9532427F1ED43FE633D8362
                                                                                                                                                                                                          SHA1:0E855C00BC54664E184A6CF610464448E4A7D307
                                                                                                                                                                                                          SHA-256:75D20838CB8BCFC9B094B47AB7BC59905AB2A882911B0451D67DD2407A451996
                                                                                                                                                                                                          SHA-512:C0013E40DC98451AFD440A54B6A6FBAE669BF8B6D64B399648C42E895132976E9F29D586411F9D210A0A5CBA6D00B68EC2515BDB04F0206CD2C5E3BA245D5C1F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:0cd704c7406ce945b55bb490614761ea:
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):128
                                                                                                                                                                                                          Entropy (8bit):5.571616503618915
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:WydDyJYagWdmNkAPfosaz3dcA2U1yV6WLX3igHun:9EW1hv3IDdcARESgOn
                                                                                                                                                                                                          MD5:2F8754A9A0346D850C91D83553383BE8
                                                                                                                                                                                                          SHA1:5B2A2D7DFC22506E13F47923D44016E22456501E
                                                                                                                                                                                                          SHA-256:62FF543190C39ED423C415DADC258B81634C4533E113E402C2BA679DB7647396
                                                                                                                                                                                                          SHA-512:E3365B9F4F2A8672934EBC3B3951B261AA0D3F6AF38EAAD314E3F546D4B6EAE3A893F5CDD0638F17BA49C762C6F98D487B7B9B16D43B223D51651830C541A420
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:mMTuxFew04kq/8D06KNW/CszFAT9pgnsMji21aC/HWyahnZIcrUobkXEckZ4PmU6sFI+PVb2x99TeO2r/IngIdtPWpZvmwsodhdhi1bqK0pbOdkPG5Yg/W2/IUYXCIzc
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):216
                                                                                                                                                                                                          Entropy (8bit):5.791472401163445
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:KxF9PfKyKSMmBzv4UP78YRgjQ3I6Pu81YtaBzgM:09KyJMmuxhQ3Z1YUBH
                                                                                                                                                                                                          MD5:06497D913F759D390CBE4B021B3CE29E
                                                                                                                                                                                                          SHA1:60FE89E70AE05C7FE471C5865C6E5EE7D7ED1E56
                                                                                                                                                                                                          SHA-256:BED93FFE5CDCC6BCF4DB0E9FA04F169EE27BE93AA2FC39E940B1251A9566A1FE
                                                                                                                                                                                                          SHA-512:3542241C914D907D5BA0E9BEA2EFB967F350DF57ED9CBC1EE362D13ECEF90B0886D7C5A52BBA5BAB66DBE1BD0F46FA48CC4ADE0144C33024EAD400EF3F4815D5
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:R3XKV7eLdQzsXUE7dFHjUitzAnlMx2RPLEqSdz71x0DxqcTECn3HHfKsXLvZOAbreZYJ4HYO7AlMlZFMqRv1DxisZEIsenBp2d3MKLn6Tyn2PG6fUnEzaU8Lvwtf8RDPfSax5dIP17TEJcjpwRWCLOU4gmyMao2VuRhGeQyK9suLWHbEbS6jx3g8ZrtH384YU0BGrSyb9EdbwUvu1FVlBA==
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):970912
                                                                                                                                                                                                          Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                          MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                          SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                          SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                          SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31224
                                                                                                                                                                                                          Entropy (8bit):7.1199518453953194
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:60mqRxWRKEpYinAMxP3RsYiR3geAMxkEe:lmqRxWRr7Hx5s7dxi
                                                                                                                                                                                                          MD5:03BA6C3A52780D89BE563B7CD5668AD0
                                                                                                                                                                                                          SHA1:0B170FFBD37344F16D6867D82127F2250EA915F8
                                                                                                                                                                                                          SHA-256:250F6D006C754DF86CFD465A138D649C08387040752D5B552A33F3FF783E1212
                                                                                                                                                                                                          SHA-512:1CB87ADC1561C347E8D8B51DDF9095FCDD9FCBF641A603D5270C7BEFDB8364B9C40AEA8C4471CA49C277621AE0255DB0E8FCBEBB264C252562557D034FADA201
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 824123 bytes, 11 files, at 0x44 +A "concrt140.dll_x86" +A "msvcp140.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 62 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):834339
                                                                                                                                                                                                          Entropy (8bit):7.997653805266825
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:12288:iESvOn+e4BpcHLO0eHku5ai12A7RLnAFmDAmKyVUnkrj7N0XlFKsN9XD904s1:bSje4rH0K+i15kEDfKlns7NUl8Wrs1
                                                                                                                                                                                                          MD5:A57EFC0AFFFDF914CBC76BB882CAD37E
                                                                                                                                                                                                          SHA1:732DBEF27C49C27D9F1C00EBA177EABC21650FB8
                                                                                                                                                                                                          SHA-256:C384DA7CC6EAD2CE054A67FDED26D7E4CFF2F981A83C64DE62E53864665E5F45
                                                                                                                                                                                                          SHA-512:AD2CFC0FD199FE2726FD18C0A5972185E8331FE49807CA6340212901DD61D30853E2C72015EE9BAC0425E287EF488190A245676173194FAFBF8F6FC7FBF9BABA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 5167260 bytes, 14 files, at 0x44 +A "mfc140.dll_x86" +A "mfc140chs.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 323 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5177492
                                                                                                                                                                                                          Entropy (8bit):7.997816222199811
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:98304:310T9qeMt7UU5qai1jrZLsAoSIA+PTwQKrzd04mAp1dDbXN+52qKfYPh:F2LsUmC9t5IMQKrzCXy3XA5JKE
                                                                                                                                                                                                          MD5:4A17E4DA145FA1EA92A52266221AD628
                                                                                                                                                                                                          SHA1:F6304DE9D73609F6B9717D6A4D44EFD7AB7FFE9E
                                                                                                                                                                                                          SHA-256:9544ABBD46B39BEC491CF63076FB109306E519F303DF9CD583A28956172BF038
                                                                                                                                                                                                          SHA-512:DE9A6A1391070A9470F78208FF74120CFFD2A1E2580AF4ADD87914BA6DD27E07B092E66CAA847726E05EB5FAE0C1252681DE37F34B560D4D95F3B76F3599E16C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.383378429526644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:fviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd2:fvipBaTDo1j//SZh
                                                                                                                                                                                                          MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                                                                                                                          SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                                                                                                                          SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                                                                                                                          SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.37750026266588
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:S9viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdz8vO:EvipBaTDo1j//SZhKO
                                                                                                                                                                                                          MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                                                                                                                          SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                                                                                                                          SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                                                                                                                          SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 824123 bytes, 11 files, at 0x44 +A "concrt140.dll_x86" +A "msvcp140.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 62 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):834339
                                                                                                                                                                                                          Entropy (8bit):7.997653805266825
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:12288:iESvOn+e4BpcHLO0eHku5ai12A7RLnAFmDAmKyVUnkrj7N0XlFKsN9XD904s1:bSje4rH0K+i15kEDfKlns7NUl8Wrs1
                                                                                                                                                                                                          MD5:A57EFC0AFFFDF914CBC76BB882CAD37E
                                                                                                                                                                                                          SHA1:732DBEF27C49C27D9F1C00EBA177EABC21650FB8
                                                                                                                                                                                                          SHA-256:C384DA7CC6EAD2CE054A67FDED26D7E4CFF2F981A83C64DE62E53864665E5F45
                                                                                                                                                                                                          SHA-512:AD2CFC0FD199FE2726FD18C0A5972185E8331FE49807CA6340212901DD61D30853E2C72015EE9BAC0425E287EF488190A245676173194FAFBF8F6FC7FBF9BABA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MSCF....;.......D...........................;....'..............>...P.........3X,. .concrt140.dll_x86.x...P.....3X-. .msvcp140.dll_x86.P........3X-. .msvcp140_1.dll_x86......B....3X-. .msvcp140_2.dll_x86.P.........3X-. .msvcp140_atomic_wait.dll_x86.Pv..h.....3X-. .msvcp140_codecvt_ids.dll_x86.p....B....3X-. .vcamp140.dll_x86.pZ..(.....3X-. .vccorlib140.dll_x86.px...-....3X-. .vcomp140.dll_x86..c........3X-. .vcruntime140.dll_x86.P.........3X-. .vcruntime140_threads.dll_x86.!.)..4..CK.}|.U...E..Ge....WV..P...$@)...R..M..i...."b.UX.j]Y.b..V@..h.q.j.......*j]..R]..&S23NX|.........r....3s..3..D..".....-".....I..g>5P.8..Z..W.*\....r...Z..x..k....X..k.9.Jo.k.....>......U.z..........8...YK.<...%.*..}YE.qe...X..H9...<^.........B.K}.y....M.._.u.4..q.F.&....".... .0.....H...3...V..q.MP...".c...o....^.!v01.!b....!.v.#..s.../....c.u....3.`Kz...WM........l..c..1...p".6Z...8......Hw.p...[.D.?....W.K9...>+uz..\.^.....1.G...&..........r..@xm..|n...`..."D.S".K..g4...Z.Q..+
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.37750026266588
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:S9viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdz8vO:EvipBaTDo1j//SZhKO
                                                                                                                                                                                                          MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                                                                                                                          SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                                                                                                                          SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                                                                                                                          SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):650080
                                                                                                                                                                                                          Entropy (8bit):7.2212720110363735
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:fnMwHskY7gjcjhVIEhqgM7bWvcsi6aVl/IyiJGvJtg2t/JgM:vMysZgjS1hqgSC/iz1fiJGvJtxhJ
                                                                                                                                                                                                          MD5:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          SHA1:41EDD6321965D48E11ECDED3852EB32E3C13848D
                                                                                                                                                                                                          SHA-256:D4C6F5C74BBB45C4F33D9CB7DDCE47226EA0A5AB90B8FF3F420B63A55C3F6DD2
                                                                                                                                                                                                          SHA-512:D85AC030EBB3BA4412E69B5693406FE87E46696CA2A926EF75B6F6438E16B0C7ED1342363098530CDCEB4DB8E50614F33F972F7995E4222313FCEF036887D0F0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p............@..............................................;...............(...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):952
                                                                                                                                                                                                          Entropy (8bit):2.6587737542755088
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:7ZK34pgMClGttDa+xU9TRqi2ttun2QkQ1eg2un2QTQ1eg:lKUgMClccTRfEpE
                                                                                                                                                                                                          MD5:AF3F6B5566A1158C8823A2ED136422C2
                                                                                                                                                                                                          SHA1:AED0F6147E95CB73898C2DF3112B0A971A52042B
                                                                                                                                                                                                          SHA-256:95A21808E4181D50C57659B028FCC325C750506050046298737F2CC966C277FB
                                                                                                                                                                                                          SHA-512:9EDCA805DAAF7CCC2E1D5B2AB65916C4AD462269D4E0E8A8942D5ED2D08D1AFF75CF04B1CCE9CA51DD32ACB1D2F84F17C08C72784F04C50F168860A8312D4552
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:J...............................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.................................W.i.x.B.u.n.d.l.e.N.a.m.e.....B...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.2.2. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.8.6.). .-. .1.4...3.8...3.3.1.3.5.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....>...C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.D.r.i.v.e.r.H.u.b.\.V.C._.r.e.d.i.s.t...x.8.6...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.....-...C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.D.r.i.v.e.r.H.u.b.\.................................
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 5167260 bytes, 14 files, at 0x44 +A "mfc140.dll_x86" +A "mfc140chs.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 323 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5177492
                                                                                                                                                                                                          Entropy (8bit):7.997816222199811
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:98304:310T9qeMt7UU5qai1jrZLsAoSIA+PTwQKrzd04mAp1dDbXN+52qKfYPh:F2LsUmC9t5IMQKrzCXy3XA5JKE
                                                                                                                                                                                                          MD5:4A17E4DA145FA1EA92A52266221AD628
                                                                                                                                                                                                          SHA1:F6304DE9D73609F6B9717D6A4D44EFD7AB7FFE9E
                                                                                                                                                                                                          SHA-256:9544ABBD46B39BEC491CF63076FB109306E519F303DF9CD583A28956172BF038
                                                                                                                                                                                                          SHA-512:DE9A6A1391070A9470F78208FF74120CFFD2A1E2580AF4ADD87914BA6DD27E07B092E66CAA847726E05EB5FAE0C1252681DE37F34B560D4D95F3B76F3599E16C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MSCF......N.....D.............................N..'..............C.....I.......3X-. .mfc140.dll_x86.P.....I...3X,. .mfc140chs.dll_x86.P....J...3X,. .mfc140cht.dll_x86..7..8rK...3X,. .mfc140deu.dll_x86.P.....L...3X,. .mfc140enu.dll_x86..3..h.M...3X,. .mfc140esn.dll_x86.h8..H.N...3X,. .mfc140fra.dll_x86.p0...(P...3X,. .mfc140ita.dll_x86..... YQ...3X,. .mfc140jpn.dll_x86......?R...3X,. .mfc140kor.dll_x86.P(...#S...3X,. .mfc140rus.dll_x86.xMJ.PKT...3X-. .mfc140u.dll_x86.pR.......3X,. .mfcm140.dll_x86.PR..8....3X,. .mfcm140u.dll_x86.z...4..CK..w..T.0.0" 8C(.R.X..6U..^..)...;..!.;.J'...w..C....."."..|...9.W.s......{V.Z.z.J.0.7...w.(.4\.|.E.D../.....O.E.~t...=1.-.....km...p....e...f.w.q..M.Hv.}.d...eW_3.a...0v.s.W................=.............NZ...L..T.......?3...>.L>...3..r...T....33.......{..M..a.~.u.Q.w.l..u.{O.rQ..$.E{...M.}..~<.T...Y..Q...{.s....p..Q..1Q4Y.2e...o....p.ye.p..R.I.S........oEQ.. .0.k........a..Rt...k.|....>X..Z...&]p....f...Q..~..j..}....k........ {
                                                                                                                                                                                                          Process:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.383378429526644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:fviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd2:fvipBaTDo1j//SZh
                                                                                                                                                                                                          MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                                                                                                                          SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                                                                                                                          SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                                                                                                                          SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                          Entropy (8bit):3.5479069076840855
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:SSEgQ0RkTIg0n:SyL5zn
                                                                                                                                                                                                          MD5:1D51978CE9532427F1ED43FE633D8362
                                                                                                                                                                                                          SHA1:0E855C00BC54664E184A6CF610464448E4A7D307
                                                                                                                                                                                                          SHA-256:75D20838CB8BCFC9B094B47AB7BC59905AB2A882911B0451D67DD2407A451996
                                                                                                                                                                                                          SHA-512:C0013E40DC98451AFD440A54B6A6FBAE669BF8B6D64B399648C42E895132976E9F29D586411F9D210A0A5CBA6D00B68EC2515BDB04F0206CD2C5E3BA245D5C1F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:0cd704c7406ce945b55bb490614761ea:
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16984
                                                                                                                                                                                                          Entropy (8bit):3.2612245833911797
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:L8rSaHRI9ML+CTxS9W4cnG7Dx5oKVRVE6LFV+Vk0JFrVSVFVDLVV0lXIzsol5gbn:DaqcXVS9rcGRtz9U1onD5Gl4ool5gbZZ
                                                                                                                                                                                                          MD5:75EBF9D1AD3A5218D134DB8175B81DAD
                                                                                                                                                                                                          SHA1:F0568EDFF88DF5CAFC88B7DA0155E815BD6535DD
                                                                                                                                                                                                          SHA-256:869D034DB58AF8A76E6B11F9F74830EF28041943FDC8647FD1461EB43CE2C048
                                                                                                                                                                                                          SHA-512:CF7F5868A43272FFC5DB849EBFD5DDEEC0B42662EBE6FD8EF25E19C3F618178A7B3F6405E28D7F849836718995B42E597E3437660253D8F54746DC5C4E07CB90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16984
                                                                                                                                                                                                          Entropy (8bit):3.2612245833911797
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:L8rSaHRI9ML+CTxS9W4cnG7Dx5oKVRVE6LFV+Vk0JFrVSVFVDLVV0lXIzsol5gbn:DaqcXVS9rcGRtz9U1onD5Gl4ool5gbZZ
                                                                                                                                                                                                          MD5:75EBF9D1AD3A5218D134DB8175B81DAD
                                                                                                                                                                                                          SHA1:F0568EDFF88DF5CAFC88B7DA0155E815BD6535DD
                                                                                                                                                                                                          SHA-256:869D034DB58AF8A76E6B11F9F74830EF28041943FDC8647FD1461EB43CE2C048
                                                                                                                                                                                                          SHA-512:CF7F5868A43272FFC5DB849EBFD5DDEEC0B42662EBE6FD8EF25E19C3F618178A7B3F6405E28D7F849836718995B42E597E3437660253D8F54746DC5C4E07CB90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5408
                                                                                                                                                                                                          Entropy (8bit):2.9634222699777135
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:5qUsFUeGL3SJR732RCwVAH5g1nNZzU/ukqEfB57glNu:51sFzGL3fvqenjA38k
                                                                                                                                                                                                          MD5:5260D7E83569B288E3700B344C1F69D6
                                                                                                                                                                                                          SHA1:571716CE80CE9F3882966124AA3828C2615CC654
                                                                                                                                                                                                          SHA-256:7428B995360D66A2171CC86B3CF7F2233A3C31F62498FDEB993DBF51B5D9A68E
                                                                                                                                                                                                          SHA-512:BF315A974D536B3C31831C8255C6589EF52D44896A067279BF772077A5E4A9F5DD73784EFFB3C79022E189A7017CB5147B0BFC6D23BCD20A0EBFCB98B9F99C33
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5408
                                                                                                                                                                                                          Entropy (8bit):2.9634222699777135
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:5qUsFUeGL3SJR732RCwVAH5g1nNZzU/ukqEfB57glNu:51sFzGL3fvqenjA38k
                                                                                                                                                                                                          MD5:5260D7E83569B288E3700B344C1F69D6
                                                                                                                                                                                                          SHA1:571716CE80CE9F3882966124AA3828C2615CC654
                                                                                                                                                                                                          SHA-256:7428B995360D66A2171CC86B3CF7F2233A3C31F62498FDEB993DBF51B5D9A68E
                                                                                                                                                                                                          SHA-512:BF315A974D536B3C31831C8255C6589EF52D44896A067279BF772077A5E4A9F5DD73784EFFB3C79022E189A7017CB5147B0BFC6D23BCD20A0EBFCB98B9F99C33
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17240
                                                                                                                                                                                                          Entropy (8bit):3.2734692069524747
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:GNiboxGofHXyqst36VVVw4VrFenUVSV2VWWpF/hVKXsMNTy0+Co+:GNiboxGP3wXdvotWp5KXsM0BCo+
                                                                                                                                                                                                          MD5:04035F854ACEC3D3D190F75F55F9FEE2
                                                                                                                                                                                                          SHA1:727A935D6D6C7A4B10A1D9668640360053E381E0
                                                                                                                                                                                                          SHA-256:259D6F0A49A5F7977630AEFD478CFC29A3E20DA77712FC7B00B84ACE728BAA92
                                                                                                                                                                                                          SHA-512:08475C95E2B32F6D48EF54DD1BA9311BD7257EF6E422CADA5B4A34815D21706506E09278503628DD611F502F971D4AF4FE5F039865419DC0643E5424B9824C32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17240
                                                                                                                                                                                                          Entropy (8bit):3.2734692069524747
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:GNiboxGofHXyqst36VVVw4VrFenUVSV2VWWpF/hVKXsMNTy0+Co+:GNiboxGP3wXdvotWp5KXsM0BCo+
                                                                                                                                                                                                          MD5:04035F854ACEC3D3D190F75F55F9FEE2
                                                                                                                                                                                                          SHA1:727A935D6D6C7A4B10A1D9668640360053E381E0
                                                                                                                                                                                                          SHA-256:259D6F0A49A5F7977630AEFD478CFC29A3E20DA77712FC7B00B84ACE728BAA92
                                                                                                                                                                                                          SHA-512:08475C95E2B32F6D48EF54DD1BA9311BD7257EF6E422CADA5B4A34815D21706506E09278503628DD611F502F971D4AF4FE5F039865419DC0643E5424B9824C32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).......T.yP....XC...................................................hq...K.=.%+.5.0L......"[-...Y............#............................................................................................................................9..........`...........8...........0...............p....... ...x.......(...........................x.......................X...........`...................0.......P....................................... ...3...c...@...s...................................P...........................................S...........................S...........S...........................3...................#...........A.......#...........A...P.......`...q...........................S...........................................................@...........s.......................c...........................S...........3............................... ...A...............@...........................0.......0.......0... ...@.......P...@.......`...3...c.......................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21948
                                                                                                                                                                                                          Entropy (8bit):3.2522981716285027
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:1W6P7jIqX3kvMXmL/0gdBLqVen2VO1laSA5AVSV2oVg6fQARoiiJCiczOJL+:fk0XmL/hQzqobS64AmPeOc
                                                                                                                                                                                                          MD5:4F17AD1602745CB58EE1225C5297D2A9
                                                                                                                                                                                                          SHA1:8D887A73C31F723DB10EC9F3C918C7727F1BA333
                                                                                                                                                                                                          SHA-256:68CBD4CE4D3E6621EDF30B2EB15D828BEC6A2924BF4683F7199E8DB27681721B
                                                                                                                                                                                                          SHA-512:A50A3ECDDE7DA0EFC0F72609BDFB28131B4AF094C5B06405B3EC9DF57FE3E5A583E11CA8C127E1EE3AE52F6755EEB56D4F91A135A513868C9327D630DA1B55A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).........yP.....U..................................................0An..^[...@&`1$.Y.z..-..lF..G..............-...........................................L.......P........................................................................D..........p....... ...h....... ........... ...h.......@...0...........p...........P...........(...p...........p...........`.......@... ...........P...........`....... ...........H....... ...#.......#.......c...#...........p...c...#.......#...............c.......#.......................#.......S.......................................#.......#.......#...............#...................................c...0...........@.......@...c...P...........`...........c...`...............................c...P...c...P...#...p....................................................... ...............................#....................................................................... ...0.......@....... ...#.......P...#...`...................`...................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):27168
                                                                                                                                                                                                          Entropy (8bit):3.003321194923412
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/XuUuf8iNFV0kyTJRbyi2+FcQ1jdYjum0ZF3R8WQyetmwQyO6a1RoIdrzhWpc:/eqDJ5xcQT7CBpmzyOb1Roqh/
                                                                                                                                                                                                          MD5:A8B14F6A20CE802F7B1BA3C2536EC151
                                                                                                                                                                                                          SHA1:9A11B715312B774C3DD10AB59DAB5DDE2E74A64B
                                                                                                                                                                                                          SHA-256:C8267F19D2286968A3ACDD7C8EF86920576576C573E4A0D743652CEA5AFF122E
                                                                                                                                                                                                          SHA-512:F3F099FC1ACD2AE4697AD2639A38014C1B24823A253D315EFB1BFAE42C631D8EC40F079C5D315B85D7B63B2504BCFA8759EEC7E356947AC6E810782BB9B3725B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).......m.yP.... j....................................................5.N..).SL...B.$.....A.el.6Fe.............J........... ....... ....... ....... .......................x.......x.......x.......x.......x.......x.......x...............XC..x...........P...........(...p...........H...........X...........0...............`...........8...............`...........@...............`...........X...........8........... ...h...........P...........H...........@...........8...........@...........8...........(...x.......P....... ...........8...s.......s.......s.......s.......s.......s.......s.......s.......s...............c...3...........@.......p...........p...3...........@...3...........................#.......C...............`.......#...............P.......@.......`.......p...#.......#.......#.......#.......s.......s.......s...................P.......`...........c...c...............p.......................#...................`.......@.......p...c...............c...c...............p.......
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28716
                                                                                                                                                                                                          Entropy (8bit):3.1130735393106153
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Cgm9RojIf+ObG+HGNsY//USJSgTGSNteNRd:CgmMfObG+HFmUS+SNtSRd
                                                                                                                                                                                                          MD5:D58E12029E38A23D55CADEB063B707E3
                                                                                                                                                                                                          SHA1:F8691A3020D2C3326AE6876EE36C85ADEE274776
                                                                                                                                                                                                          SHA-256:D0C01EDBB348049986BD2359ECAFAC77BA188CEDCC513B7CAADAC4441F30E712
                                                                                                                                                                                                          SHA-512:B5571F39D2971FF06CCF03829C4FD0B5F38DFA39FA52F63A16A71E83A932C47015A8BE19A3D6C97DCB18166FBC75608FEFF4C204A387AB2E374742E39D3BEC42
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).......X.yP....,p..................................................|........&...D...t.:.R. ...}4...............D...........................................|...............................................................................hI......P.......P.......(...p...........P...........P...........P...........8...........H...........0...........(...x...........P...........0...........8...........@...........H...........P...........P....... ........... ...........P...........P...........8...................3...3... ...3...3.......#...................`.......c.......`...s.......`...........`...............3........... ...S.......3...0...c...`.......................0...........3........... .......C.......`...c.......3...@............... .......c...C.......`...c...........3........... ...........S...S.......3...........`...3...0...3...........`...............0...S...S...............3...p.......`...C...3...0...............c...`...........`....... ...c.......c.......3.......s...3...
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1124
                                                                                                                                                                                                          Entropy (8bit):2.8704284406800755
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:4SXafu1EEEEEEEApcbm3ulKCiRwdZMr0/dxtBKgdpsbKS/r9Hg/LsEfEEwx06Et0:LOujDqKCiRqZpogdGKS5Ab8Jvf
                                                                                                                                                                                                          MD5:CDEA26E2BE1F111941965041394EC3EF
                                                                                                                                                                                                          SHA1:E6D0CDCF91C59E4ED03DEF30195B70E010596755
                                                                                                                                                                                                          SHA-256:A23BD96AA2C497276AA6F1BC437612D7265F1DEFE0E0468BDF94FCB878B9F5B1
                                                                                                                                                                                                          SHA-512:06D0CA166DDE38955AE3191F3735E7CE6D66DAA437F983A50F06FFB0BC936AC8C6683601BED6C31DF929E9D2AF35A1146629D85C13ED77C9989A43C9D500242D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).......D.yP....d....................................................T.......W.d.B..Km..Gf...._E.....................................................................................................................................................(...H...p...............(...h...................................................................Q.t.Q.u.i.c.k...........................Q.t.O.b.j.e.c.t.................................C.o.m.p.o.n.e.n.t...............................b.a.c.k.g.r.o.u.n.d.............................l.a.b.e.l...............................s.u.b.m.e.n.u.I.n.d.i.c.a.t.o.r.................................s.h.o.r.t.c.u.t.................................c.h.e.c.k.m.a.r.k.I.n.d.i.c.a.t.o.r.........Y...................f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)./.D.r.i.v.e.r.H.u.b./.Q.t.Q.u.i.c.k./.C.o.n.t.r.o.l.s./.P.r.i.v.a.t.e./.M.e.n.u.I.t.e.m.S.u.b.C.o.n.t.r.o.l.s...q.m.l...................(.......................(...,.......................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8128
                                                                                                                                                                                                          Entropy (8bit):3.231401335368503
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:hirC5d86+JvOKcrXSE0Xhp231pHJNxOfxskkhVSL6J+ByOaIB5iT9g+FS:hiV6KeD+s5k23CCFS
                                                                                                                                                                                                          MD5:AA48F5A929218E2B4E023F9D9B65FD15
                                                                                                                                                                                                          SHA1:D431B918B9BC80067B8C00BA0998A6AB9D6B9C91
                                                                                                                                                                                                          SHA-256:2039684000DD8FBC794E8E98F3A0278939B4CC084B9ACC43E48665B46AC9DD0D
                                                                                                                                                                                                          SHA-512:EFE7D38C18668AC3DF53304B040041039F4C862D94CE42B1C72F62D1F1F2935555EFAFD6FA12239DFF6C0A7C7BFB689125BBC9B789CA719DFAF590D7DF9AF9CC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4960
                                                                                                                                                                                                          Entropy (8bit):3.035182136484637
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:lohiyeB1qr1b5ybB37K++fpu7taNps4ry4B0ZXQOe:lohiyeB121bYj4eJXRe
                                                                                                                                                                                                          MD5:4DAE0DF1678FA2F10F799E7A9220A7A9
                                                                                                                                                                                                          SHA1:5763FB830C29C4C58CD54BDD88C30EE3ED113B29
                                                                                                                                                                                                          SHA-256:4F5446971572FE7B4F56E89410221E872BD39C4008AE4E03D53BF99914F1EA88
                                                                                                                                                                                                          SHA-512:D81DB2DEB877AEF3D6E0B7488E9D3716365B274D80152D144C0410CE8DCC52E1C9DF6910920057ADADAA64431B47DC9FA6F18FB6290F754F1544DAC93ACE03DB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30156
                                                                                                                                                                                                          Entropy (8bit):3.6358051680021215
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:79op34NNial4VNmWfQKWxFCZ9HVGKkcK0aD0osF1guDPEgG2iN7AC+ml5RsFjHah:79VNiaWgWfYFK/jtFlD8g/sPEkCawgJ3
                                                                                                                                                                                                          MD5:64FC96815EAE9FAA37FAAD02545C9EC0
                                                                                                                                                                                                          SHA1:34E26B4CFF31B1E5D763CEA9A1C8B9FFAF34CAE4
                                                                                                                                                                                                          SHA-256:1A3645F84061F67FFE1091D03DFFC694EC0E60CCD68BA2F75C597AEF1DD443E5
                                                                                                                                                                                                          SHA-512:C32373C8F493212A6D6E378E2FFFEA7DB5B8166784025F453EF55A7488E11B18CE57E69FEF7603E151235244DF780CA4110DB416A03937F6256EF04DBF01810C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):37168
                                                                                                                                                                                                          Entropy (8bit):3.195181746074262
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:3YRwOoCDWDmjwhOwegx33SVfsMAk4K37+bebePKg:HCqTORm33SdVUK36JR
                                                                                                                                                                                                          MD5:4A117CA523C2E9326641DD2F807C1957
                                                                                                                                                                                                          SHA1:50BCB8E07EA2980FDD0C39CA0513B64EF013D504
                                                                                                                                                                                                          SHA-256:9BF1F5D340E1D5A81F62F323F1B71711D590FACE38AE5FD91B65AF90B213D217
                                                                                                                                                                                                          SHA-512:149C89E0B59920C5898FC160F855CE42970904B4DC390FE578FFBC6512A50BB9329EE177B4770F034A3828DBFC1B75A6402F10475F786B9B1715332D8A5B6E91
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50460
                                                                                                                                                                                                          Entropy (8bit):3.18467022897343
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:iWLfp9Tk6jGCOH6WRDSlDaDCP1kgTUOJlo:Vjp9Tk6juRDSlDdCn
                                                                                                                                                                                                          MD5:3EC0F19DD41B964C9757ADF4263942F6
                                                                                                                                                                                                          SHA1:BFD87382A12CC46713085F513318351CD73D9C44
                                                                                                                                                                                                          SHA-256:F5A8BEB05E28C9856D53971A2A90D8641EAEB89094BD7400F925F5B4515A33D1
                                                                                                                                                                                                          SHA-512:F06F005B297F3234EE4FF36510976057CC350D165AA4F334B77712D83F746DF1A29FF89F61F1186566D237351937C9C74E3FBC52654D3C997359687BD8E95D5E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4676
                                                                                                                                                                                                          Entropy (8bit):3.046547124362528
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:l1dh/EoBD6JFnLrXQs7gMHMoptDNsdAQ5NDRXAYBFZ:l1/cynbv1
                                                                                                                                                                                                          MD5:8A4EC49EDA33105D7BDC9683ED3207F0
                                                                                                                                                                                                          SHA1:E5CFC2CA33B4B2EF4F5E977FFC21A28666EF1264
                                                                                                                                                                                                          SHA-256:45F62E8C987FCE144144EFDC0EB11CD5A415177B4856568139BB5CAE2BA0AB50
                                                                                                                                                                                                          SHA-512:FA805D6340B25298071C256B52577E2286E2EB91733E84C7FE4BB097E3574B426DA61B4036F00DB591D515975F2AFBF1668C0765F7A649AB1C86B208D5159DE0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50668
                                                                                                                                                                                                          Entropy (8bit):3.404627032051574
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:XDGOqtdbMFA/teMWDevOhxT5MAZGJQtZPP4Nb4KRiJ4kCoGniQ+zCPJcM7LKwZnx:7qtdEA/ISm2AZWqUlkCo2i1hM7Lr
                                                                                                                                                                                                          MD5:27DB3ECE0B0D0876B4E9D5DD6056FEFA
                                                                                                                                                                                                          SHA1:147ED265ED0687B3F63890E9221DCB2B78C11B75
                                                                                                                                                                                                          SHA-256:CAB5351C092C018C754998CB57E40CC1E5E37AF88A8989D06452B201322DE2A1
                                                                                                                                                                                                          SHA-512:01FBF32FAD6BD4214B3BFB6FC85DCDD74895DCA1ED3B04A3A65197CF1F86A142D1A368B83F99F5918588DB165982B0EBF68AAB1FF18CD65AE6C2552BECB7893D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).........yP.........................................................'...J.e.O...o..$..........R.{L....`....G..............,.......,.......,...1...,.......................X.......h.......h.......h.......h.......h.......h.......]...].......h...........h...........H...........(...p...........X.......8...............h...........@...........8...........0...x.......@...........(...x...........h...........h...........H.......@...........X...........P...........@...........( ..x ... ...!..h!...!..8"..."..."...#...$..8%...&...&..H'...'...(..H(...(...(..8)...)...)..`*...*...*..H+...+...+..0,...,...,..H-......x.......@/.../.../..80...0...0..81...1...1..@5...6...8...8...9..0:...:...:...;...<..X<...<...<..@=...=..X>...?...?..x@...@...A...A...A..8B...B...B..8C...C...C..@D...D...D..PE...E...F..XF...F..(G......C...S...`...............`...`...P.......S...............@.......`...S...`...S...S...............p...S...0...s.......C.......C.......C...C.......C.......C...........`...C...........`...
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50668
                                                                                                                                                                                                          Entropy (8bit):3.404627032051574
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:XDGOqtdbMFA/teMWDevOhxT5MAZGJQtZPP4Nb4KRiJ4kCoGniQ+zCPJcM7LKwZnx:7qtdEA/ISm2AZWqUlkCo2i1hM7Lr
                                                                                                                                                                                                          MD5:27DB3ECE0B0D0876B4E9D5DD6056FEFA
                                                                                                                                                                                                          SHA1:147ED265ED0687B3F63890E9221DCB2B78C11B75
                                                                                                                                                                                                          SHA-256:CAB5351C092C018C754998CB57E40CC1E5E37AF88A8989D06452B201322DE2A1
                                                                                                                                                                                                          SHA-512:01FBF32FAD6BD4214B3BFB6FC85DCDD74895DCA1ED3B04A3A65197CF1F86A142D1A368B83F99F5918588DB165982B0EBF68AAB1FF18CD65AE6C2552BECB7893D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1228
                                                                                                                                                                                                          Entropy (8bit):2.875645482357998
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:vEPwDSEEEEEEEATE7Q1cz3/jt/Kb4yRU5Z/gxz3JDKgdpsbKS/rVvVvEENoZ47U:vfKoJ3J142yx7JWgdGKSJ9MRv
                                                                                                                                                                                                          MD5:F6C57386DF4F2D42B2A4918E037D6055
                                                                                                                                                                                                          SHA1:EDAB657F15F88E1975B3E14395FB1A291BFDF259
                                                                                                                                                                                                          SHA-256:B274F4FC55D1B60EC28225926FC298396B11DF9F6C42209A32BEAA7567BC6E6C
                                                                                                                                                                                                          SHA-512:04F7C53D30F533710733C4DC794965CAEC8EE0AEF20A48676755B0A38175A272515F08F831B61504131AF91490C8715D2733FE83FEC2493DCB15C10E37693FA9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20300
                                                                                                                                                                                                          Entropy (8bit):3.364419507090543
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:Zc2gH1JT0ZaTmDL0VW4e+xYFbkkJ7dYMHzlGNFVfY/CFenJVSVKXNP1H+EL1BmoI:54vaXRz++VkOdYMHoIoS9hBE3p8c
                                                                                                                                                                                                          MD5:5681B473A94D570188E7765681483832
                                                                                                                                                                                                          SHA1:64152EE28D64F32B6E54BAFFDAA538599F66186A
                                                                                                                                                                                                          SHA-256:963B0A0893EEECB5D12F6B0E57571301AB57E15AC334D69E0FC7320D55B625A7
                                                                                                                                                                                                          SHA-512:E49A2FDB99DA537A12AB84352EE5EBA42871414ED8EC0D5C729A8DE0C7EF6A0E641DE5190557B5E425C78AAF819F8CE06B0B9228522CEFA5D5F7DCFA4F082F04
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6480
                                                                                                                                                                                                          Entropy (8bit):3.0406068975788716
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:BVHEUl2Nq9E/N8HEvHJ5g1OqMLCp2NxFg1nN80OVqkKhYvBu/0mvE:0qo8knjzjFen9OAhY8vE
                                                                                                                                                                                                          MD5:C5FA32BAC8FBCC2B0F0FB81F7FF4E857
                                                                                                                                                                                                          SHA1:AA455E1C1A97A77B0B854A265F488056B4382A8D
                                                                                                                                                                                                          SHA-256:5DB01CA7A2E61BE366AB8DF5525B85F72595A53B767CB8CEDC258C683AE9719E
                                                                                                                                                                                                          SHA-512:2BD406D7E749DF3A46D13865229E26F4BA85E199274949B454DADCE5A3A1E5267E400CCE6C6E935FB0E900BFC36AC903D5BABC55BFE09F505B12702DC18D9FFA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6068
                                                                                                                                                                                                          Entropy (8bit):3.8827560443177456
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:0YT/fySwTbTOFPr3/1g0DpKSCtCRba/xbmXByB:lfAutls/Qq
                                                                                                                                                                                                          MD5:A6C04660E826B23CAF7923472546BBE0
                                                                                                                                                                                                          SHA1:0F46D06978E138D31E5B5819BAA83AC1971D22B0
                                                                                                                                                                                                          SHA-256:5BA93413F0289DE6B856279F8EEF792757FD1D26B1E7C84418994982E9275627
                                                                                                                                                                                                          SHA-512:95B8BC2532C208DBF77AC0A8F8A76BC7510FDD79EFBDF5ECAA171CE4FDE9B813C41E06E2E239C0693E79E26AE597D881F54F301A96B0C1E24603B779B0A8982E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6068
                                                                                                                                                                                                          Entropy (8bit):3.8827560443177456
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:0YT/fySwTbTOFPr3/1g0DpKSCtCRba/xbmXByB:lfAutls/Qq
                                                                                                                                                                                                          MD5:A6C04660E826B23CAF7923472546BBE0
                                                                                                                                                                                                          SHA1:0F46D06978E138D31E5B5819BAA83AC1971D22B0
                                                                                                                                                                                                          SHA-256:5BA93413F0289DE6B856279F8EEF792757FD1D26B1E7C84418994982E9275627
                                                                                                                                                                                                          SHA-512:95B8BC2532C208DBF77AC0A8F8A76BC7510FDD79EFBDF5ECAA171CE4FDE9B813C41E06E2E239C0693E79E26AE597D881F54F301A96B0C1E24603B779B0A8982E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).........yP........................................................`f...R....Z.y}.....,..9..y....K....)...................(.......(.......(...@...(.......(.......0.......`.......`.......`.......`.......`.......`.......`.......(...(.......`.......@...(...........P.......p... ...H...................C...c.......c...c...c...C...........s...s...c.......c...c.......c.......c...c...c.......S...c...S...c... ...S...C...................c.......c...C...c...P...C...c...`...c...C...`...p...c.......c...c...c...c...p...c...p...c...p...c...p...3...C...........................................................@...............8.......8...............0.P.................0...........h...&...........8.......@...............2.P.........................3.......4.......5.......7...#...8........n.pL...........................................`...........8.......@...............:.P.........................;.......<...8...=...<...>...Q...?...S...@...[...A...]...B...............:.d.LM......4....4.....f.L..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17376
                                                                                                                                                                                                          Entropy (8bit):3.176139383253843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:yXI6PxQTQRxoIjHIvw5hG1OS7Vs4RRzRdfZXu+iKfWggh5hau:oCB1rs43fZCyXgau
                                                                                                                                                                                                          MD5:846BEA246CA3F7BDE890DCADA5C140AD
                                                                                                                                                                                                          SHA1:B3AA18CF242C078C84312D2F0D38930F49D7F354
                                                                                                                                                                                                          SHA-256:BF18C0DFAAC275A1D7CFA7890AC04A2BF45C6A9D921131BFF44AD0CD04A27F8D
                                                                                                                                                                                                          SHA-512:3DC670A45DA9264F232108F1BE54C81060ED43F8201FD2419C7434686734F6EF0E261593A2DD6668184873FC2060E5580A46547EB8CA5EA79FE5E2B0DE3196DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11528
                                                                                                                                                                                                          Entropy (8bit):3.1572360628814407
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:dNomzreNHtJtEnKwmjYJstc/tHfAQ7fzk71lEbBh7eD+aYYZ6B1LPR9mh2aICb3:dNRatTwmS/wAqD+aYcO7MSi3
                                                                                                                                                                                                          MD5:6C602A4E8B8A1FA6D40AB21371C24544
                                                                                                                                                                                                          SHA1:D1FCAB1B990CA00B0664CCCBEBA9095F89B818B3
                                                                                                                                                                                                          SHA-256:0FED56C66F1CB6F48FAB6DB2C42D597530571C78FF5EFB84986519EAEF3B64C9
                                                                                                                                                                                                          SHA-512:8AAD33F4890C24CFEB1155C5539CB1C41C51F4EF3E91E33A56C2042952432EFBDF8D6BB039A5C594A45B7AD60D545FDA6D556D7AD8BF139507E73644A89CB656
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16428
                                                                                                                                                                                                          Entropy (8bit):2.9680317244155017
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:hmQj/b3f2JAMaIATfTXCjd8JvbIuf3zfAHmXt8pc8OEpWwUyMw7CByn9ULM/Ids3:hmUD+mMaIATfTXCctd8Xuo9UA/IdX
                                                                                                                                                                                                          MD5:6CEDD52C8930786427756AC3018DD29C
                                                                                                                                                                                                          SHA1:62C7FC129B4404A0CB9456BB355599D515F64957
                                                                                                                                                                                                          SHA-256:C0F0C6E5E4CC69682AADC54D1929FE09CEDE937032D6879FC505DF733AF15B4D
                                                                                                                                                                                                          SHA-512:9849E27B1F37024842A92BEFD113B8DB3A9AACF84EC309A41A27E408E176157C8E2B6756AAADE3B38326C232B033021E4DDD744BBF26AFFC80EBCDA76279A2D6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4956
                                                                                                                                                                                                          Entropy (8bit):2.729694368551948
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:1iwOXzKkJs/NqKCi1wHmmJkSxceOlnkGEgdGBLDKcwXQt+tQ1lsUphkT/QvM2U2m:oDKkJslf31wHmukUzBLDKcktIly
                                                                                                                                                                                                          MD5:219E8F46F639D7B0CA2ADC6E80EA5FB4
                                                                                                                                                                                                          SHA1:DD4BC496C08AD5F634C04223ECE7C1D49ACCE3AA
                                                                                                                                                                                                          SHA-256:1AD4C54BE69E6D764F415209A7296DEAA0DCF4989AC4749E56FF5904F9F8D32F
                                                                                                                                                                                                          SHA-512:C1B4F7D5E6ACA74F0D38010273DC2F8768D1B24B79C6AD7356665C618F9F6E51500FF65B6C9808EAB383243488C0424B87BFDB9CF962E88E479CD48A5B8D82A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21068
                                                                                                                                                                                                          Entropy (8bit):3.1631433535618703
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:qoAqwMCoXoz9kGyy04HVxSw0679FenoC9oek9yt94ELRIdsY:fAqwMCukzadWS4ECx
                                                                                                                                                                                                          MD5:4FECB245E623A2A0455C207CD6F2AA82
                                                                                                                                                                                                          SHA1:77E252280EFB42FFDDCCF54F0384FC899F134B17
                                                                                                                                                                                                          SHA-256:25A6F3129FD583BD513E1CA4F954B45A95C50F2777C6871E2250E09A0223F151
                                                                                                                                                                                                          SHA-512:C581C09B60C86285D7F40FFC2A9C1494281318CB15036FBD6A6631014186043DD5D563A5423948EE20A9576F7AFFFE2FE87FD72A682748B7501C462D0A56D543
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1372
                                                                                                                                                                                                          Entropy (8bit):2.95916530776591
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:cYgkzGW3KCiotj3JLjCd3YM2/qgdGKS9hiMLteYX:H6Ci4jJLjCdoZ/qgdGB97LtF
                                                                                                                                                                                                          MD5:589BC5BDE241D55C41F984E7778B4427
                                                                                                                                                                                                          SHA1:C73C23989699964C2C9C3A2DBB116C8CA86AE4C0
                                                                                                                                                                                                          SHA-256:80130A5387C6D9F2369F914F36D877633A200181B46AC22298A943EAA1192F27
                                                                                                                                                                                                          SHA-512:ECA410E626B3B7ECA549373AE586FD90A56D7265BBA1396E8D5FA9C480E122E3B0EB52341CFC2872C918EB02A57211250B102CDCA2E5D99E548147AA3431E069
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14524
                                                                                                                                                                                                          Entropy (8bit):2.940261580192438
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:lr8go7WxSP8LMHpm45eensgBV5lDPreZYJLQktV:WgzxohzD5lDTeWtV
                                                                                                                                                                                                          MD5:CD3B15C0AC242ABC204F98D918C3752C
                                                                                                                                                                                                          SHA1:EFD19C9BCA0EBCEE98EF0B4B4E9803C6527CB9F0
                                                                                                                                                                                                          SHA-256:FCC61926EA9F2465617E4372D48EBA47863D06C93F8C10F39D3EC817F4AF8C53
                                                                                                                                                                                                          SHA-512:536806ED4639930EADD4EF4EC7B7153D5EE6E969F73DDD86C79B60C36340F79980C0CE862A7DF1071E8F26B830CCEF49B2A85DFD3D3FBB3BCD275B54585A2A6E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14524
                                                                                                                                                                                                          Entropy (8bit):2.940261580192438
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:lr8go7WxSP8LMHpm45eensgBV5lDPreZYJLQktV:WgzxohzD5lDTeWtV
                                                                                                                                                                                                          MD5:CD3B15C0AC242ABC204F98D918C3752C
                                                                                                                                                                                                          SHA1:EFD19C9BCA0EBCEE98EF0B4B4E9803C6527CB9F0
                                                                                                                                                                                                          SHA-256:FCC61926EA9F2465617E4372D48EBA47863D06C93F8C10F39D3EC817F4AF8C53
                                                                                                                                                                                                          SHA-512:536806ED4639930EADD4EF4EC7B7153D5EE6E969F73DDD86C79B60C36340F79980C0CE862A7DF1071E8F26B830CCEF49B2A85DFD3D3FBB3BCD275B54585A2A6E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4164
                                                                                                                                                                                                          Entropy (8bit):2.8944725447044855
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:TMUgBd3pJFIE7ELti8ybInkH4oOkQEgdGBOJ+yy0rg2jjlrk0S:FgLZJ77EI49QBKf04xkX
                                                                                                                                                                                                          MD5:7AB59648DB7AFBABC519DA1789232B06
                                                                                                                                                                                                          SHA1:73EDF21E6D96F51CADC1CD938625A415C124392D
                                                                                                                                                                                                          SHA-256:E1B91FAA6FE7B8A5127ECFEDAF241B100A94F3100FDD7A475B130BCABCEB8669
                                                                                                                                                                                                          SHA-512:39BE8EC56F900957B393EA9B1C5B6B83DA5A2E9679C18401A72E28B168DFAE48A113428CF69DCDF4AB721A78E4B86692FDC30A5CDBF6176729A4A5D1EBA22882
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12560
                                                                                                                                                                                                          Entropy (8bit):3.031724115541925
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:0KxZOHqWZDZU7rAJ5PbIn4Bf3gHmQG82EUfWzoZnSQ722TaBtmSIUR2VkfjxMi:000HFZ9U3I5K2ZD8mYRY8H
                                                                                                                                                                                                          MD5:7F8D7F1E3205DB8331889363C07CBD0B
                                                                                                                                                                                                          SHA1:9A1A355E1D818AEB8F4DF6B8A11E7605A77356D2
                                                                                                                                                                                                          SHA-256:F877144FB2B25C160B071B578C0E218420D04649F019D3B59B3A3CFD65EE0159
                                                                                                                                                                                                          SHA-512:226A5038CE60BD7D501BB94D6EA535BB3CD4534BD5DEFD1C43F4C8BF52939115BECDA3D22D4F2CE0A48CAB7B366117CE8F63CDD9B3E8ECB4AE0F98B061B0CEE9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26720
                                                                                                                                                                                                          Entropy (8bit):3.273608181266073
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:fOQp3vVaVp94XEnLEtc/V0BhUHUV6mHLA/KZkSGcLWenAqdA4VFa6P1rXGjBq:f1daVj6mL9mZVbHXfxt6I
                                                                                                                                                                                                          MD5:3C5F73A54470D26AE66D3F550971097A
                                                                                                                                                                                                          SHA1:D3DAC7303A6486322B84B12ED64F6A22F88717A9
                                                                                                                                                                                                          SHA-256:8EE6DA4328C076FF152EFCCF3D0B5BFB96EA0125DC67C1E3F160652BD09FFBB0
                                                                                                                                                                                                          SHA-512:8C2A7685221E8D6A992317186A67C0F67348C0C3B8289AA619F5771C7AFCA439495EFB48289A5E636842CF1132E591F906B9B041C7CF7964600BBACA511DB201
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12584
                                                                                                                                                                                                          Entropy (8bit):3.0846736818200213
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:4pzeepvmnMIGGjYQHqtXYazn7W2ESAkflG:4FeYNrW/faza2ES38
                                                                                                                                                                                                          MD5:D8E663D780A284AD8D1974E4B79C6154
                                                                                                                                                                                                          SHA1:88DAFB1679880E7BDB8A69820F735F8721F487B8
                                                                                                                                                                                                          SHA-256:444A5F882411F82D53FA19A7D7A265142EB98FC552068CB6D4F3594146E1F925
                                                                                                                                                                                                          SHA-512:BE1F916DF1EA5A2252D941CD5FD39BAC09545A857CF281DC7CB8C525AAD937D51706522CEA144AC44B809AB8B766D7B40E82CF681E84F03054FC5E5BECCE940B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12584
                                                                                                                                                                                                          Entropy (8bit):3.0846736818200213
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:4pzeepvmnMIGGjYQHqtXYazn7W2ESAkflG:4FeYNrW/faza2ES38
                                                                                                                                                                                                          MD5:D8E663D780A284AD8D1974E4B79C6154
                                                                                                                                                                                                          SHA1:88DAFB1679880E7BDB8A69820F735F8721F487B8
                                                                                                                                                                                                          SHA-256:444A5F882411F82D53FA19A7D7A265142EB98FC552068CB6D4F3594146E1F925
                                                                                                                                                                                                          SHA-512:BE1F916DF1EA5A2252D941CD5FD39BAC09545A857CF281DC7CB8C525AAD937D51706522CEA144AC44B809AB8B766D7B40E82CF681E84F03054FC5E5BECCE940B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata)......./.yP....(1..................................................ey.i.9........./.Y.....^;.D$.....o...@...............h.......h.......h...\...h...............................................................................n...n....&......p.......(...........8...........8...........(...........0...x...........P...........H...........8.......................................P...#...c............... .......@...c...............P.......`.......p.......p...........................................@...................s........... ...........0...............................@.......P.......p.......P...................................c.......`...c...................s.......s...........s...........s...........s.............................................................333333..@...............8.......8................................................:..............@.......>.......8.......8.........................................:.....|.......@...#...A.......8.......8...............
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9708
                                                                                                                                                                                                          Entropy (8bit):3.1844606863937095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:UvbvTR7kvp9JliVdDIH8HVe2Do8htFqsnhehhUuXsFhiScphNk+tl+L2yl4naz:4LTR4bDiM3m3hesjiScbW+uHz
                                                                                                                                                                                                          MD5:8F2719EEDB60E1F4D7D66858803EA915
                                                                                                                                                                                                          SHA1:BB2045DE2FAD93BE7A209384E4F0C7A425C945DF
                                                                                                                                                                                                          SHA-256:471601155BDC9C36D4DBCC0E50AF65C782C4883AE1454B851AEDC32E228A3DAE
                                                                                                                                                                                                          SHA-512:40A5EBE4072A009177FBC448DE09B8D33041C3926B34BA95337B537A4EA98CBE5AEF85644A81BBBDA7AF42FE41DC91663DD66E9FB4A274771B12D3CF1B33A2F0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2196
                                                                                                                                                                                                          Entropy (8bit):2.9190351908285317
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:dzkKY6mf9sFIGa4NYqDMGliapMtEgdGKMBHqvMdLHWe99AEPGnmpvN/2e21e6l:x0f9sFMmHlfMtEgdGhBFDj2mpvR2PH
                                                                                                                                                                                                          MD5:F34A271624F6206AB5672BCF810389F8
                                                                                                                                                                                                          SHA1:5D2D253FF539A92260700C93EA21998C06DAC239
                                                                                                                                                                                                          SHA-256:C14DE9A80D97D1A307D5EFE5B74716342D05D0B073476E8AE836D71D38725F9F
                                                                                                                                                                                                          SHA-512:4CAC85DE2592AA10501AFD000BB37BE15F681F046435E1DB0B26BC90FC312A3B61CE2818FA8CF71ED7607F411FE226FDE17F94F911EA3C7C53F8FDF436167C44
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14760
                                                                                                                                                                                                          Entropy (8bit):3.264085056297005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ePww8+p059/aI8tcAow5JfhqxMUbbvSyfYbaA/ieKkPKuzKUt:ePww8+G/u2gJ66NzKUt
                                                                                                                                                                                                          MD5:A40330612810C97068467E1AB4DD3D34
                                                                                                                                                                                                          SHA1:A0E180ADD393B95547BD2B70388BB9FA66186710
                                                                                                                                                                                                          SHA-256:DCF14DCDCD6416804B9FEC50A5CA29BF9D0BA2535BE98E630277BDFA9C76EDA1
                                                                                                                                                                                                          SHA-512:063643C6EA423E8F08FE085D5BF3E47EC945ED55D099D5D809DF84656C47F28AAC8EB254ABFBE55CB174E372BD30DD8499865A34A09489C93B871B63E4CADC2A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1012
                                                                                                                                                                                                          Entropy (8bit):2.890676851674286
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:mrh8ssssssp++bcz3/jt/c4XcBKgdpsbKS/cw9a7IaBQvlvEENoZ4lc:oWssssssp+V3Jb/gdGKSR9aMkQNMR1
                                                                                                                                                                                                          MD5:3C3E742682278E591363B67B2D6AFE2F
                                                                                                                                                                                                          SHA1:B19A836CDE4BDF9AD6EF2405389ADDB0B67B44BB
                                                                                                                                                                                                          SHA-256:D7B49F2F8932301471738D6EB958A2D05CCA3D78C7DD50823D9A9EAFB6EF8BCE
                                                                                                                                                                                                          SHA-512:D414980787167F5170FD4DA794D39D88611B9752D514C35FD94E6CD384A998346A188093B95FCAA30324D78837068662FD73FDFE2D195E69A4A5EB79523E8B0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33244
                                                                                                                                                                                                          Entropy (8bit):3.3963113846817
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:T625Y0DP10wXllWmk5p9E6KnEGnf8Ck9zCwj9YtQRsIl0:mmYOJlUpgf8/0UHsT
                                                                                                                                                                                                          MD5:043B24FF5D9E775D880B7A94DDFB6D29
                                                                                                                                                                                                          SHA1:7654FECEC2610B9F0BF3EF21B6EEC52C7AFB0065
                                                                                                                                                                                                          SHA-256:64A76B4DDB7802707A82360F16CF139FBE730C87802B2639DC665ABE0D907379
                                                                                                                                                                                                          SHA-512:65A39132EA97A09492931C2066D2DE4EE29B773F0F56EE308208B04885EF387DBA08F9C3E82F2D1A456D3A8431D60CCD1BDAEAF0DA54E8E34C5072B339F86105
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6680
                                                                                                                                                                                                          Entropy (8bit):3.1028503325403833
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Kg4awvbuGFJcjg98dXv54Ou1J1IT2/m2lL67XU8N2N46To2MykBTFoYrfj:KvawjZF2hubyA3vSfj
                                                                                                                                                                                                          MD5:5151FC42E676348F8B2CE8222276BBE0
                                                                                                                                                                                                          SHA1:E2FF51D07A86E9F4329D1F370209718446512D37
                                                                                                                                                                                                          SHA-256:798AECF5E7E976D25056AA999899F8B3F0E555E931EBB008C7776DDE5B9839B4
                                                                                                                                                                                                          SHA-512:961A1EC7E3457802450F3E8D84BC071CAD80E168C37ACE587D90964ABAD6AAEF6ED845CCDD8C7DC4E732B3FDF3CBF5B1F49094D5CD35CCC384242573450DEBF1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4168
                                                                                                                                                                                                          Entropy (8bit):3.3001196281625425
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:SuowF4iziGhoEeyKaHSXBCqZOsiuRaKd6Iaa6M8gdGBi8XK3yz:fowWiziGhc3ayxCSNRaKd624Bi8XD
                                                                                                                                                                                                          MD5:216585C6782F323E7FB91D8CCD388DA1
                                                                                                                                                                                                          SHA1:E39D23650DAFBB34DA957D82A501526F44A11F7D
                                                                                                                                                                                                          SHA-256:4440A8313ED9B178FB58DEE711D2F17926690B37433871AD57549AA33F8EAB11
                                                                                                                                                                                                          SHA-512:90E82272504F47C4A0161D318692F2F21BFD06883BDD5A14B2AF40D87CB759D26675889551DE4C3825C5F6E85184AD9E008BC7626FF946B521E4CE5EDB8F4757
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).........yP....H...................................................b..TU...Rzfd.....V.D...;.@..`.....).......................................&...................................................................................(...(...........(...p...........C...C...`...C...p.......................C...........S...C...........C...................................S...C.......S....... ...0...S...@...`...3...p......................@...............@... ...........8.......8...............T.P.................T.....L...:.....h.L...:.:.H.........@...............8.......8...............m.P.................m.....:.....@...............8.......8...............y.P.................y.....:.....................8.......8.................P.............................................+.......?.......C.......K.......^.......{.......}...................................................................................................N...D.....:.:....4............h.L-.....:.:.d.L ..:.....4.......h.L..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4168
                                                                                                                                                                                                          Entropy (8bit):3.3001196281625425
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:SuowF4iziGhoEeyKaHSXBCqZOsiuRaKd6Iaa6M8gdGBi8XK3yz:fowWiziGhc3ayxCSNRaKd624Bi8XD
                                                                                                                                                                                                          MD5:216585C6782F323E7FB91D8CCD388DA1
                                                                                                                                                                                                          SHA1:E39D23650DAFBB34DA957D82A501526F44A11F7D
                                                                                                                                                                                                          SHA-256:4440A8313ED9B178FB58DEE711D2F17926690B37433871AD57549AA33F8EAB11
                                                                                                                                                                                                          SHA-512:90E82272504F47C4A0161D318692F2F21BFD06883BDD5A14B2AF40D87CB759D26675889551DE4C3825C5F6E85184AD9E008BC7626FF946B521E4CE5EDB8F4757
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7864
                                                                                                                                                                                                          Entropy (8bit):3.3634237774505524
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:MmoTh7M7Ulcrhg/kyJONZjKccnDpgTy2NVe7VPazeIxfV/TmV/P/u+Xavn47ALBi:n6h4IwOkpjeVPoBVSVHBXQ4crMH
                                                                                                                                                                                                          MD5:9BD094124A9E78BE2A5CD3C1794AE7F9
                                                                                                                                                                                                          SHA1:96FE7C43918BDC599D54ACD66837CDFF755C6A28
                                                                                                                                                                                                          SHA-256:A166FC3CBD00A59812F389D18965DB5CEC9C195C0E4C7DA6DA856AFA38542267
                                                                                                                                                                                                          SHA-512:B475A389EA9EEB89662810AE2EF1894F4C944E5A8947D19A627980A8C75117C728EEB9888E943B9DEFFF96B384A85EBE094175874188BBA302569D52854A36E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1220
                                                                                                                                                                                                          Entropy (8bit):2.9092710934777526
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:EO+fK93w31adZ2yx7jgdGKSR9ag1y0fwp:EXgqQD2yx7jgdGB5N
                                                                                                                                                                                                          MD5:028EFF3B8A716A7A7923B49E8EBFCB29
                                                                                                                                                                                                          SHA1:70CBF7A0D832C67CB3BB6658C7052796C0628220
                                                                                                                                                                                                          SHA-256:20E7BAD7EA858CB2B05C838CAE1132135620817FC0368F81977FEFE4D8916A5A
                                                                                                                                                                                                          SHA-512:0C8F0EA0F209FE6C8CA605EC2149EA16E3D85E2A5FC52E23CD4BA4C59688250C7FE022CA8D2258106C49825EB0A5EC79DA083CB75A61D57770F9C56F610669D5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10652
                                                                                                                                                                                                          Entropy (8bit):3.0695988274281776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:vCJWpqunp9Qn06jsu6VJzzRk7f+J/Nps5eIx/sdxs6jO7FvLxFg1nfMLlsgZ+74R:vCa9LSsu6bHehqyvtFenb2GYatLK9
                                                                                                                                                                                                          MD5:B50CE890630B4C1081568789CA338F4C
                                                                                                                                                                                                          SHA1:C22E2BE8017844530B42A0441BC5150A813E4EEE
                                                                                                                                                                                                          SHA-256:60BD119510DEEF2420CD5EC6EC8DDC0BED8205D369EF8F69A8939E9AF083D2CE
                                                                                                                                                                                                          SHA-512:DE60816970D4EBE6A5224F4B865F78B67CEE514C0B9AA21EB16DBBD6F8B974E5DD1497B5572E5F0C1AA4DFE9EBA06A49D33CC7769BC2A756E30A74A802504DBE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):708
                                                                                                                                                                                                          Entropy (8bit):2.7595710220564142
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:gVsCeXEEEEEEEAR1cv5KgdpsbKS/rDlMcEfEEoF:5pRPgdGKSlc8LF
                                                                                                                                                                                                          MD5:B4D845A4923C44695489706DB4DA295C
                                                                                                                                                                                                          SHA1:53A992F733260E2C242CCA32E9AF99C1FA38E827
                                                                                                                                                                                                          SHA-256:BC6B3AD71C25D321887B79550C611ECBCFCC43C2717A5A854C8579ED54AC79C1
                                                                                                                                                                                                          SHA-512:6859FA9E489DF152761B5112BD77879E469ED6A378A4D1F588B8C126505E7CF326B0097FC838F108B5B189E0F5969049B0D573893BBA88C79B39305F296567D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3900
                                                                                                                                                                                                          Entropy (8bit):2.973614033175077
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:G+ccwixqG/Urx8K4DR1mI9R8pna9EJqeAjIOuTHA1q3qLUahglElgdGKS6dtj281:mYD/GML9enxM8HA17ngdGB6n/SVv6
                                                                                                                                                                                                          MD5:3F45AED449CD4E75D8043C4C2D0AD20D
                                                                                                                                                                                                          SHA1:CECDC31424F80515F8C47F1F1DC77B26771FD3A9
                                                                                                                                                                                                          SHA-256:3531CB71D03EDF06609A209E418600E9EFEE11D7B3A1CD04E2B9A4640EE773D4
                                                                                                                                                                                                          SHA-512:896DE513F80299912F2823F97CB231E0D6E0A5F739E32664FC6DBD908E9F0226049A999AC7A11CA3B33507FB092DE3CB0B9B7C5076567180CE1ED3E40C0D0A6D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).........yP....<...................................................T34....|....M#l.Fr.|.@:m_a(`...........................8.......8.......8...<...8.......(.......0.......@.......@.......@.......@.......@.......@.......@...............P...@...........H...........P...........X...........`...........X...C.......s.......C.......s.......C.......s.......C.......s.......C.......s.......C.......s.......C.......s.......C.......s.......C.......s.......C... ...s... ...C...0...s...0...C...@...s...@...C...P...s...P...C...`...s...`...3...p...3...............................H...............8.......@.............../.P........................./.....L...:.H...:...H...............8.......@...............0.P.........................0.....L...:.H...:...H...............8.......@...............1.P.........................1.....L...:.H...:...H...............8.......@...............2.P.........................2.....L...:.H...:...H...............8.......@...............3.P.........................3...
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21572
                                                                                                                                                                                                          Entropy (8bit):3.321744143505929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:JJL3SfXxFjAfBOsGe3a2rxgGUTu9Hf6D+HJB8jf+FroEm+PlzUEyLP:JVSxFwU29gnTwfbDdUP
                                                                                                                                                                                                          MD5:C11B39417E3514F884F8FFBBEE899144
                                                                                                                                                                                                          SHA1:A71E8F764C627A639574218E738A6F6A383DD9CD
                                                                                                                                                                                                          SHA-256:9433B008943A6C99A6BCEB73F01398211D49D5049E9B41AD6B261DBFA9A4B812
                                                                                                                                                                                                          SHA-512:5DC3DD0D5658EF825328EBCEAF8FA65A404AC37B856206D3E4F2892F69B153DF0941F69A227F1B865C0F8F432990B3A304650DB9FC3A21BF049A004F66F3E54F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).........yP....DT..................................................B..........I.&.`.*.'.V^.P.~...........H................................................................................................................................C......P...............0...........H...........(...x...........X.......X...........@.......(...............H...............(...x.......@.......@...........(...........0...........p...............0............... ...S...0...S...0...3...S...!...3... .......q...3...S.......P...!...S...3... ...P...q...3... ... .......1.......`...3... ...q...s...3...........................#...S...#...S...S...............#...S...#...S...S...............#...................#...@...#... ...............................#...0...#...@...............#.......P...#...#...........................#...0...#...@...a...........#...#...p...........................#...@...#... ...q...........c...c...........#...@...#... ...............#...............................#...p...........
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9652
                                                                                                                                                                                                          Entropy (8bit):3.1504689567574418
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:RQQg2LyDk4ilDItq3zphgnoRYPqC7izxj:CSxRgP/mj
                                                                                                                                                                                                          MD5:227762D7D44D3BC82F0C6F325156D69D
                                                                                                                                                                                                          SHA1:A9CAD87DE1189AE185C31AAF42CE780498EDC308
                                                                                                                                                                                                          SHA-256:4D7B08F22436234BD54A6BF7AEA6E21B102770C71859E8E0843440087F1BF97B
                                                                                                                                                                                                          SHA-512:61EC3B57087EA3C460DFC07295617C1D04CD99A613DA976E38FD226C6C79295864A62D1FE91B91D98B53E701517B71AE6EEEAB9B4BAEB6118952F54E551AB238
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:qv4cdata).......k.yP.....%........................................................^..F.Q4..9.a.k.F...~...s....R...................D.......D.......D...<...D.......4.......@.......x.......x.......x.......x.......x.......x.......x.......Q...Q.......x.......(...p...........H........... ...h....... ...p.......P...........`...C...P...C.......P...C.......C.......C...............c...s...3...p...C...S...........S...........P...s.......S.......s.......S...............................................................C.......S...........S.......P...................c......................................................................@...............8.......8...............d.P.................d...........................@...............8.......8.................P.............................................@...............8.......8.........................................:.....@...............8.......8.........................................:.....@.......$.......8.......8...............%.......
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14912
                                                                                                                                                                                                          Entropy (8bit):3.1564773664934114
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:TVqA+MnHbasDhU0MfNfwwziiGsqjmH1VnMmA5bTNwFvFeig/uX:5lJhU0mNfT4bTNwFvjgO
                                                                                                                                                                                                          MD5:5303E9ED4E5A28BAE19638741C5AE82F
                                                                                                                                                                                                          SHA1:48D1E46A3C1C76C0178EBC2BD1DC23063631893D
                                                                                                                                                                                                          SHA-256:22959E80937FE9190BCF10A1AFD1B6E745166585D0EDDA2330A749DEC3AEA3CE
                                                                                                                                                                                                          SHA-512:E5F53AE39A8BB36800CB1B9C1F6372E84276194DA6872EEA8818CE8EBF14B8CBE7019CBDFF469395A21BADE716EA364F366121BAC58E80A28ACED9F360DA67F6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1970
                                                                                                                                                                                                          Entropy (8bit):5.354462464455413
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MxHK1BIYHKh6ouHFJHTlEH63HKXu8mHitHoAhAHKzTHxWH3:iq1yYqh6oufzma3qaCtIAeqzTRWX
                                                                                                                                                                                                          MD5:B383267D54E41B720B86EEF96B9F24D9
                                                                                                                                                                                                          SHA1:DBBCF8D0E4B234BD02D357B9D639591973D6D0AC
                                                                                                                                                                                                          SHA-256:45FB97B4A281866B8B4E9246BFABF4360947838282E756FEF1C49ACF09FA3F8B
                                                                                                                                                                                                          SHA-512:4014B9B97F2EE030FD56E15283A80EB96627BA81B521759CFBFC23CEA53B715D68BBBE56468B8CEA0D908A3D2279C7189DAC36DE1A8826A91CBD706EE0179557
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\52ec98467da21601034ee080a6de3215\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4e8cc6067585c3a3a918b22c7f6271ba\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):142521560
                                                                                                                                                                                                          Entropy (8bit):7.999975759014379
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:3145728:hIDKzMAN3dJtuKQ5jMQWmOpQQZl01EOF2GBE2Rpoa65Zc5EE:hIMXpde5A3/pQK9sFpI3lE
                                                                                                                                                                                                          MD5:68FB03C2804B75DDD43E83A098C698E5
                                                                                                                                                                                                          SHA1:C1190FA782F7C0ECA06676028ABF801D291527C8
                                                                                                                                                                                                          SHA-256:7FB69C7DA2937C4CC97B29E5322DB01F69E0632A933AF673DA84E14E8E68D141
                                                                                                                                                                                                          SHA-512:E1CBCFA179683415FB1BDDCA87A61E0D9E504BB465004CBC3F47A6A286563C9B9D293DFF81A1F73FBA2425F94C8139FE45A19AAE9A5F42DA60F28EB3F8DB4CD6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 310 x 310, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5597
                                                                                                                                                                                                          Entropy (8bit):7.930864219078105
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:YUazc+n309EQzae59JS5h7BTfJf9dT0hnRH6zZbzK4o0/SGM1ys8LT76b+wTFz3W:wzf3+dnfJSn1TfJFdYhnRHMZXjSJ1Y2W
                                                                                                                                                                                                          MD5:6DA02DC09567A47EE1F17792580ABF35
                                                                                                                                                                                                          SHA1:2F23D346836398E9395A842799DB6DDEF341EEEF
                                                                                                                                                                                                          SHA-256:FEB90D443AF4ACB95CCC58DE38E9022345D2CBE3DBE38A18034F0E30C4BBDE89
                                                                                                                                                                                                          SHA-512:E8888166F82AFE7A18D3644C26E3D2DFBEAF08F8CD6DD0DC35B6A6F8AF9E4C3D80EA09BE5868CCEB1C05BD165897F6C741DA765CE533A63CE6919E447CF8DCED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1451
                                                                                                                                                                                                          Entropy (8bit):4.395404934994687
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:YPiRyiRAS3RH4rRUtRCRMR6mR9R5DR3RoRY+RWEIiRGiRCR8xRIjRuAcBpDRJRl6:YqRyiRhRYRUtRCRMR6mR9R5DR3RoRJRm
                                                                                                                                                                                                          MD5:E297CF33FDD2A49EB648484FEA3912A4
                                                                                                                                                                                                          SHA1:BF313E34E9B33731EBA607CE8AE0762BA6BE8EE9
                                                                                                                                                                                                          SHA-256:B9D5DB235003326AEAA41D3ACCBD9F7137A0CDDDC7A19CCA6729A937E3DBE796
                                                                                                                                                                                                          SHA-512:B5F40F676E5372950D12CD68604CDA12864CD7A9DF593410C7BABFEA27AF1F0A8B5977F949448FE65C82DD229B474D962219E23326DD1A84217E248CC6344014
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{"features":{"01979299c8cd":{"state":"enabled"},"13e025f64bd6":{"state":"disabled"},"13eeaf851da7":{"state":"enabled"},"1ad69b007ce5":{"state":"enabled"},"1c4dddb65bac":{"state":"enabled"},"1d24dceb937a":{"state":"enabled"},"278deecb29a1":{"state":"enabled"},"2c1429a5a72e":{"state":"enabled"},"3389f6c15eb9":{"state":"enabled"},"40db6e644d2c":{"state":"disabled"},"50796754ffc7":{"state":"enabled"},"5448a57d6689":{"state":"disabled"},"54726ed4401e":{"state":"enabled"},"56d717ae3ad6":{"state":"enabled"},"5a28d66c82cd":{"state":"enabled"},"603cade21cf7":{"state":"enabled"},"654296fe9d6c":{"state":"enabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"8511df77ed15":{"state":"enabled"},"88edd7903398":{"state":"enabled"},"970fe421a344":{"state":"enabled"},"9ec4e68ae70a":{"state":"disabled"},"b2a2a32b832b":{"state":"enabled"},"b7751444d14a":{"state":"enabled"},"b9677b
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (380), with CRLF, LF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5392
                                                                                                                                                                                                          Entropy (8bit):5.010250088104232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:j/kv8Z257+SOaZoYi45iPunYPh+KNVcXCYks:ji80OIgYoJXs
                                                                                                                                                                                                          MD5:2C9729B902464EB5D1B7CB9BADE8876F
                                                                                                                                                                                                          SHA1:11EAC63CAC0BBC84E4A7ED1285E55FC93E0AB57F
                                                                                                                                                                                                          SHA-256:5B564DB32C70FC423D94381DB25F088720689EA6D93F7D97E36271DC4DD1B716
                                                                                                                                                                                                          SHA-512:D7BA48D9279579F41DEFFABB0763585ECF33A91DDD9FD60B6BED443C55FB41AA4861BA63FB54D6911833E10ACCC0A57BC541DA4AE036271A380C16E020A58D11
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <title>Avast Free Antivirus</title>.. <style type="text/css">.html {.. font-family: sans-serif;..}..* {.. box-sizing: content-box;..}..body {.. margin: 0;.. padding: 0;.. background: #ffffff;.. color: #37474f;.. font-family: "Roboto", sans-serif;.. /*font-size: 1em;*/.. font-size: 15px;.. font-weight: 400;..}..html, body {.. overflow: hidden !important;..}...clear {.. display: block;.. clear: both;.. font-size: 0;.. height: 1px;..}..ul, ol, li {.. padding: 0;.. margin: 0;..}..ul, ol {.. padding: 15px 0;..}..li {.. list-style-type: none;.. margin-bottom: 5px;..}..li:last-child {.. margin-bottom: 0;..}..p { margin: 0; }..a,..a:active {.. color: #2b76c1;.. text-decoration: underline;.. outline: 0..}..a:hover,..a:focus {.. color: #225f9b;.. text-decoration: none;.. outline: 0..}...container {.. /*position: relative; */.. /* left: 50%; */.. /* right: 50%; */.. /* margin: 0 -400px; */..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1499104
                                                                                                                                                                                                          Entropy (8bit):7.985603261747699
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                                          MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                          SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                                          SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                                          SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (473), with CRLF, LF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5450
                                                                                                                                                                                                          Entropy (8bit):5.022951393170709
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Z/kv8Z257+SgaZoYi45iPunYPh+KN7ceMy1N/Kf8/omJ:Zi80gIgYoJJ1hKOomJ
                                                                                                                                                                                                          MD5:5EDF2551C2B8429DBE05F6BA36A31192
                                                                                                                                                                                                          SHA1:FE23515BF0675FCD7318A0BB4BFB5ECDB74945A3
                                                                                                                                                                                                          SHA-256:49EF03BDB84772838CAC904F5BF47B2336173D897BE70D401CFB592AA7EFF9E1
                                                                                                                                                                                                          SHA-512:23DFBD984A7F8526B6E817F78CB13E5FD3135049B131D3E3AB65A8E4ACBD575DC3F1CD5D0C87FE032AF0300BDE0C12F89131717AAF31C61B9D6264AE5DC942F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <title>Opera GX</title>.. <style type="text/css">.html {.. font-family: sans-serif;..}..* {.. box-sizing: content-box;..}..body {.. margin: 0;.. padding: 0;.. background: #ffffff;.. color: #37474f;.. font-family: "Roboto", sans-serif;.. /*font-size: 1em;*/.. font-size: 15px;.. font-weight: 400;..}..html, body {.. overflow: hidden !important;..}...clear {.. display: block;.. clear: both;.. font-size: 0;.. height: 1px;..}..ul, ol, li {.. padding: 0;.. margin: 0;..}..ul, ol {.. padding: 15px 0;..}..li {.. list-style-type: none;.. margin-bottom: 5px;..}..li:last-child {.. margin-bottom: 0;..}..p { margin: 0; }..a,..a:active {.. color: #2b76c1;.. text-decoration: underline;.. outline: 0..}..a:hover,..a:focus {.. color: #225f9b;.. text-decoration: none;.. outline: 0..}...container {.. /*position: relative; */.. /* left: 50%; */.. /* right: 50%; */.. /* margin: 0 -400px; */.. width: 800px
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (644), with CRLF, LF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5688
                                                                                                                                                                                                          Entropy (8bit):5.0217824583912805
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:u/kv8Z257+S2aZoYi45iPunYPh+KNacTgJpJ:ui802IgYoJpgHJ
                                                                                                                                                                                                          MD5:2E76FAC32AA18021DA91DDA6B231C28A
                                                                                                                                                                                                          SHA1:A3EB5C2BC9694103078B27ED86D050750427CF58
                                                                                                                                                                                                          SHA-256:3AE498C63B05F331018CF85DC7ECAE59CBE94B9D2AEB8DC7B4D74C9258D4F56C
                                                                                                                                                                                                          SHA-512:EC1EAD02554BB5FEA773A361FFA0DE7B9C50770C3DBD06AD884D1A3687BEB172A1C01C921C8EF6D0B3E0BC4123932969F26782ED3D2041463F596DB5ADCC46B3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <title>Secure password manager</title>.. <style type="text/css">.html {.. font-family: sans-serif;..}..* {.. box-sizing: content-box;..}..body {.. margin: 0;.. padding: 0;.. background: #ffffff;.. color: #37474f;.. font-family: "Roboto", sans-serif;.. /*font-size: 1em;*/.. font-size: 15px;.. font-weight: 400;..}..html, body {.. overflow: hidden !important;..}...clear {.. display: block;.. clear: both;.. font-size: 0;.. height: 1px;..}..ul, ol, li {.. padding: 0;.. margin: 0;..}..ul, ol {.. padding: 15px 0;..}..li {.. list-style-type: none;.. margin-bottom: 5px;..}..li:last-child {.. margin-bottom: 0;..}..p { margin: 0; }..a,..a:active {.. color: #2b76c1;.. text-decoration: underline;.. outline: 0..}..a:hover,..a:focus {.. color: #225f9b;.. text-decoration: none;.. outline: 0..}...container {.. /*position: relative; */.. /* left: 50%; */.. /* right: 50%; */.. /* margin: 0 -400px; */.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):242304
                                                                                                                                                                                                          Entropy (8bit):6.028776242997077
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:+lrEaq+nSpKS1d/ttUYD6W6Z2NrwYrVZCs0iUCabiKfAu/wX2OCy:cEe+1btUYOnkrPVZCCUCabNU
                                                                                                                                                                                                          MD5:8EEDA41CF4BB6900216E9A91E69BF857
                                                                                                                                                                                                          SHA1:858FD2E9F90A1A55C4A7B6DE5C1EEABC851749C1
                                                                                                                                                                                                          SHA-256:00CC54663583EE631FA4063B2AF65B89B3451C70435D8EAF9F8332B5CDE916E7
                                                                                                                                                                                                          SHA-512:EB08D29C0F317FE0B3214BBE56CDC3B6F9C0C6A4289FB6C459F6915C2E227B507E32B8763FFD28BDBA829DE7CACE4C3816346B30550410E9D09A2B637D921748
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:// oIafncyzxXIthD3yrr0ExADLGcSvJVUPhfm/Ps9IJWzBeVPqfctf2eq3cfSQou5ntqGt6gg7DLHaqxPUf7YMzjoasvVdoztX/1r0O8XKGUx89DnXb+9PZJe/CcnoP0KFiAxZlugvMS9+zaPR/MbZpGnOO7Ylzoxo0Y3WXqfWtpQ8jK9r4pMa23T1hW1X+kj1PKpTOpTZtsm2TtxQGPUXsMmvu/XJHkjGSVpTyFCVFrobvLd0XQPWe6oqLrvsNgPW9HJjbDWiR3cUL2kxGw8qsix5PK/KijbPVyf/tuIv2CYgca2qfUrmjNG5/Mx03+QaecavFhuVV4KaWFacYnatuQ==.{. "version": 41,. "partner_id": "std-2",. "user_agent": "std-2",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 310 x 310, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12664
                                                                                                                                                                                                          Entropy (8bit):7.964654581482677
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:KgMHj/MJ89mWXxFxbi8mqxUQPS2GazkqHaKi70hG:jMI23hFxbi8DPjzkq6Kct
                                                                                                                                                                                                          MD5:C30F11F25AD96508053C19338005B7CD
                                                                                                                                                                                                          SHA1:051FACB8B0BEE4B92770FF86E06FFA92A8D14A06
                                                                                                                                                                                                          SHA-256:9F692C39DD5C8E5C302953419266072AB8F78FBA9207630D93D19A04D34B964E
                                                                                                                                                                                                          SHA-512:8AD8F7ACC643172BF78A904B4ECEEFDDA5F427C335935B1E7CA67D3FE5FFC528C64390C74461A01B9657C5FE03DF95E1B7A0A00F39E1F82886D4356236CB70CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PNG image data, 346 x 319, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28748
                                                                                                                                                                                                          Entropy (8bit):7.980678917738332
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:MFQN7q8MMskPoqqCNp8fIZvq39gRLAXjXWOZTT5:MFQQwFwCNs0qNgRLmjGOZH5
                                                                                                                                                                                                          MD5:76BE1548DF3BAE224BAD7FE05A693D69
                                                                                                                                                                                                          SHA1:AC28ED1573C24D71D086CAFB83A08DD46EF142FF
                                                                                                                                                                                                          SHA-256:3DFA32B234CACE5FEFA9EC1DB883A56EA677DDD28E7082477BA425AD08BB4562
                                                                                                                                                                                                          SHA-512:4F6D16BD7B25CAA78C258B2D476F2428B0BE15D0C98F6F4A85DD77438F21A1F384ABB4DAE5FDF23A77289D355A158B43C62F85B3AFF22543F454BE5909AF22D5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):225
                                                                                                                                                                                                          Entropy (8bit):4.926635459166608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:KdhlRu9TbX+A8/5RFYpHp1vF/Fkwp1vF/FX0CdiYCWoA1G:KLuVA5cp/vN26vNV07vWBG
                                                                                                                                                                                                          MD5:6F5C3870B29F428EB81CD0ED410E21B3
                                                                                                                                                                                                          SHA1:A65704EE12B898922856C3E8CEBB2392A1C7A09E
                                                                                                                                                                                                          SHA-256:E2ADC18F8EAFEE558C1EF3B16E39600F0A29522D2597E48A4FDCA8A44B08287A
                                                                                                                                                                                                          SHA-512:6F7F95A65DE94938E22E35B3932CAC0F65DC259ABDB03D2E7B35853A5155F73E5DDD2EA2DA9B374234BFFD49D6A9D129A3C4A4C942290F516E72A4055AE7D698
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='112.0.5197.60'.. version='112.0.5197.60'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):407911083
                                                                                                                                                                                                          Entropy (8bit):7.0922186810331524
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:E9CB576F5B77FB4A397029F596A224D6
                                                                                                                                                                                                          SHA1:301E93F609C9E60BBAE7822F1F3BC97E0245D765
                                                                                                                                                                                                          SHA-256:81997FC67A6C027487D80F888BBD04D13A9D23D2BA65C2B5660ACD25DEE52FC7
                                                                                                                                                                                                          SHA-512:1CD42E246C5F82184F81730BB3DB921DD069B918B3C723CDB4C60A99337BD50D3D2E474F3BA7E539E2A60227052DB48962558DC25936B0C7237865124EA029B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='112.0.5197.60'.. version='112.0.5197.60'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>...PNG........IHDR.............<.q....LIDATx...1..... ..6.^`...................{........m.m].m.m.m........[s....._.....N.Nw..._w..P...R... ......`........_[.i1...`.$.......C......*..,...v.l.>.ZP.B...E@......!?d..!.d.R......g)0...^H[.u.4.k`....0<.d.1.....0...Q`..I.._T..!...|pG.m=..a&.e.U(...C...n.^`........FB.X...Oio...z!...:.Tx.8;..9.[a........{.~.^......P.].r..d..A...?....<y.v"......l......^..._.....MA.o....?.>u._.d..`......E.@.5........E..................R...A..O}{.k..2.....jx\..5U.a.%."#.nA....6.!..W2.............R..j6r..v...."....N.GA..8.......>..p..#..,X.....Q...y..#.a..)....Q.e.zc\.'@.Al.....io....=......D.......F......A#6.^.^.Ma5...b.b...D...+.P.. .[.o..z....,...#<U.0.O.#..Z..........Q{...jA..ka|}...q.s.y^.!.Gh..R....t.g....F.......g
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2181
                                                                                                                                                                                                          Entropy (8bit):7.807674908350133
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Pe+1prHq0WWdnFX5lKhqEiJVk10s5pqe/cme:G+1prHqXkhrWqEiJa10ae
                                                                                                                                                                                                          MD5:B5A21B88B3D8A42DF265817EBEB742BB
                                                                                                                                                                                                          SHA1:E0BE32B4FC158DB4E9783094CCE614922114B742
                                                                                                                                                                                                          SHA-256:9635C074C9D8EDDE0BAF3111DBD7DB49CBDC370C4F729C80AC382949F32BE526
                                                                                                                                                                                                          SHA-512:21ECE0DCF17B038400D09565438FCE8BE61746DAA0250F2FA9D0526BBA3D1CE6F8DA5CCE944EF8FA685C5EB6CF857B073D2A50ADA44A44A76D84813871FAA5D0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 150 x 150, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1828
                                                                                                                                                                                                          Entropy (8bit):7.716814612583543
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:uIrxqF+qFL9yUaKagPWex0mLgIbPdyFKD0YTkogFey6mkAN7G:3wFRoGagTx0A4KDfTko6eCZG
                                                                                                                                                                                                          MD5:0BAE0648C3E320C4D439F158B4FD5531
                                                                                                                                                                                                          SHA1:4E860AE24F03522C89BDF37F3CCC10B54832861E
                                                                                                                                                                                                          SHA-256:28CE8FCB22080CE1F69346CB0720BBE5662959E413426F00062B706013DA8C28
                                                                                                                                                                                                          SHA-512:6A5E4105CCBE1664546798DB057B93622C9CBD6D5AF4967E6BE4E390A18FEC0FFCC807E3331F09ED0DE63ED85569BE7EC5EED5A7C663DF6CE4A5B70E09500371
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3140
                                                                                                                                                                                                          Entropy (8bit):7.81304512495968
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:X4+RWiQZwj2bSjtW8+i2elETWt5nQ1pzuiV8:ozEW8+iZECt9kzuie
                                                                                                                                                                                                          MD5:7E529063A02E4E83736B0263CB1B82E0
                                                                                                                                                                                                          SHA1:17A3C4B76962E90B1D2FA8A49441157949F4DC78
                                                                                                                                                                                                          SHA-256:A36A13A5D5E3D39E3018CCC5F8859944C87256F8BE24A3C08A6BF3CB06A26804
                                                                                                                                                                                                          SHA-512:571806725F83FECA90360B246D167A8857EDFD9EDC8DC0EF7EEEF80F291FD06088C405A5653513CB8AA309DF08CD609DF85A95E3379E3E5907566C876CA77CDE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 210 x 210, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2659
                                                                                                                                                                                                          Entropy (8bit):7.828610258666657
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:zQX9JrPPPPPPnouwOlIbylOhFARjcSY1E1y0fAiKb+Y+GzYvpSYWTX5sPPPPPPPn:z0rPPPPPPojFby+m00fAiKiySSYWTXqP
                                                                                                                                                                                                          MD5:EBE7D27ED3B4CB6566A10165ABFAA941
                                                                                                                                                                                                          SHA1:FDF7C27058CF5DAF7061756E938A33C1BBB26C3D
                                                                                                                                                                                                          SHA-256:0BD63FE653885286E180FBDF6D1DADC66AF242B8ED6BD1D03D8C5ECCC20E91D7
                                                                                                                                                                                                          SHA-512:50EC8592D78F00A6387F06E077E0DEF88DB26723C0FB8632C4EA06F2E09488DB0FB82E0EB1F03DA53F9C750F6CEBD29F7889B1DE342E4F0AE69F88C4B7B1425B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3904
                                                                                                                                                                                                          Entropy (8bit):7.301300867894784
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Fe0zdfrjvg/ofL7NkqKgOL6bq64wL3XtakhXSTxyfO8cg7WZUScsO62vSQ6Q4MCR:JdfrYoDdbJlXBRSMoj6H626Qr45eg
                                                                                                                                                                                                          MD5:F332E088E89B88070EF1EFBECA5B90F8
                                                                                                                                                                                                          SHA1:86129A8B1E2E7F78D6CE23C58A37FAC9DA5E566D
                                                                                                                                                                                                          SHA-256:6A8F64754C75EDCC9ABC1138E44ACBD7064D7E8E2A28783939241DBD6AFA30A5
                                                                                                                                                                                                          SHA-512:2314AAE692C024F914661E46CFD76531DA6C09B94C084FE915A0594625927DF30282D09518A950EAFCFDD2E499B1E4877CF3CDBF5509DE0CC756DADCDE43FD45
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 270 x 270, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3673
                                                                                                                                                                                                          Entropy (8bit):7.8322183683928195
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:nBWR5fosUcvpqnOtkeU4ghCboMmSaj+5UZy:MvHUUMnOtpz4Csz65UZy
                                                                                                                                                                                                          MD5:98B9F7A4F4322E7B46DE392FD20F66E5
                                                                                                                                                                                                          SHA1:D009D227522206C40CF592E460C9642CD03B8769
                                                                                                                                                                                                          SHA-256:A706B332E6A846357A86C30D0E8BB7697E7DD55C2AE592DD45611DDCE0C0BF14
                                                                                                                                                                                                          SHA-512:3B3E5BAF3CFC57119E0812DE2816DF6C7DCB42E96C4891E47C4F32320FD3BE2F27A0118051A6651595BAAAA30069BB1C0D78AA701744A44534CABE7547D4BECD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1723
                                                                                                                                                                                                          Entropy (8bit):7.769427546963699
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MtXb2ikqrN+EMaUeTPMSEGS6CT/GF2MdJtDHBkZH39Hmgwiw:CXbzrzfUsUGS6A/ETJtHBYNG1iw
                                                                                                                                                                                                          MD5:1F2FB1BF463B2FF2BEC96784DEBFEF84
                                                                                                                                                                                                          SHA1:AE6F721AD937FE39F86602F71002435B18BF1EDD
                                                                                                                                                                                                          SHA-256:7E6B0D9EA7FDA1B5CA7A0B01290521DFF943DA4CBF1498412CA7D749DB42C32D
                                                                                                                                                                                                          SHA-512:0C92C4F75E620D0B636CFD83E89C69A44F6A96A00006FBD0B13637BA5DCC77C9B302029E62F4B80766811F31810F9C20AC1A98B65C38789951CA0E19A5BB6894
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 120 x 120, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1425
                                                                                                                                                                                                          Entropy (8bit):7.721284228612739
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:sRv0SxfL9UEp3g4/RjUG894TBRVPvhjfghucgXy2nRlWzIXQuohMU9ocyMDh:sRv0sq4/tU10XVPZjhy0Izy9srWcyUh
                                                                                                                                                                                                          MD5:17471BB63ED62A6E545B6B626A763511
                                                                                                                                                                                                          SHA1:586B9EFDE7B3A04580A49F8FE7739593D42D303E
                                                                                                                                                                                                          SHA-256:DFD1054F989CDEE25F19EA792F363F042A125CAB537A424F0224BBEE13607E39
                                                                                                                                                                                                          SHA-512:F619D963B62EDB07C8077C3C6AE60ED8D3F3DD5BB1D05A2B83DCA1A7A4A346598B055F6C7EA22E05BF281B1DE0F205F5D1054819000759D9450EE1FE8F6491AE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1564
                                                                                                                                                                                                          Entropy (8bit):7.78686155071436
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:kO3Sxd5HLMZAoBjXkaBPxrX6hzB6eCvTYJSM2nY2YptQ/ceAV5ulBbYZwix2:MLLMWcV2z8nryWY2SDV5uPsqiw
                                                                                                                                                                                                          MD5:C3722E0232EC20AC8F99CCE7A040B294
                                                                                                                                                                                                          SHA1:91CA47DA87EC045ED3EF5D97243167F08FB9E10B
                                                                                                                                                                                                          SHA-256:A333D7E4293F5269426B3FCB673A284F3708A66F957DE62403B6570B24BAE8F5
                                                                                                                                                                                                          SHA-512:71940B8431E36307BA5176939A169B9259BB6B43C32529A10A12C5EA31447BDDCCAD7EB9EF7CB309B175EE7BD56E70926BD5AA0855D0FD9497547ECD7FF93158
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 70 x 70, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1341
                                                                                                                                                                                                          Entropy (8bit):7.829707677562043
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:vHNfCYvjHq3yow73tnF7H1r8IR07iBa/ptAFjLmocqM3LNpi+MaG9vz:vHsY7Hq3QzT7H1r8Wr0/zAxfyLNp1Pab
                                                                                                                                                                                                          MD5:504D80D276ADCC0163A8E4720013F9E7
                                                                                                                                                                                                          SHA1:6D34A0593FFCE916CD19B66D61004FD7E7EB2CD1
                                                                                                                                                                                                          SHA-256:EBBE0B4761EA8968A0A3FAFB383AC7AE175E98CD31A0F41BDF5FCB43469B58EC
                                                                                                                                                                                                          SHA-512:9961259704FF97C0E1899A33259F62155B73264E272064F3FA90E64124513C7C8BD6AB69A39C1EFB271ECC2972AB8FD86FB836F22153A9BB35419C3816D11337
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2005
                                                                                                                                                                                                          Entropy (8bit):7.837796638299837
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:FtyHJuovwDhlXRvUCvqfPAuwdESKbtU04aQkClnRU8lbPxbsFIV4hEIA:FtygGwDhlX1oHO4KwCAQ9MEIA
                                                                                                                                                                                                          MD5:667BFBAAEB2D2B372B6E0D4BF4992CE4
                                                                                                                                                                                                          SHA1:4C6C2E07183963F59391945FBEE077B55F8F6B2A
                                                                                                                                                                                                          SHA-256:207519F1C7B6C7509BFEB7B55724997EEC6456C8BAF55E882E72FC5CD43DA221
                                                                                                                                                                                                          SHA-512:AC63A3DD2F6088E7849E3824C35FD58CA78EC77DC31E1F6CBD47DE7CC394318CBA7D2309912206A94180267BE057C2AF5C835424019E2A03EE33A2AB801BA9A4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 98 x 98, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1697
                                                                                                                                                                                                          Entropy (8bit):7.76630495035972
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:TyhJvOYkuSoLYIWawZM7SkzaacHxXgr4RzhQpKP7C:6JWiEIOuWkCxCSzhQpCC
                                                                                                                                                                                                          MD5:93223E8777B581E988B703DF82593B17
                                                                                                                                                                                                          SHA1:40A035464C27041CCC87C7935C45100D93D1C948
                                                                                                                                                                                                          SHA-256:464AFAF960C32ABDC2C3937A48BF14C5D1A819B017E719FDED591D43A65D94C4
                                                                                                                                                                                                          SHA-512:B8A3EE4A71E609625EAB51F0F6DAFCC82CC47BA2C567CC8BF73CF6423056F9171276289BFDCC8428B7C07645097664065EE9B0B78874425BFF800178222FED12
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2699
                                                                                                                                                                                                          Entropy (8bit):7.8799233652993115
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Is+9LgA+9fj19UhKwdgrviOztr/CrWbqCLRTFxFCEEgq0Ol81sqAGz:IlSN1gBTOztr/jbzdh1y0wl1+
                                                                                                                                                                                                          MD5:704D0A2693B350E7C463B0FF2143835B
                                                                                                                                                                                                          SHA1:0313AD4C3690A590AC54552D2C27806E73776600
                                                                                                                                                                                                          SHA-256:D6367DBC074E37F3488C26B0BAD229BFE99F5C6BB0E28D37B41906C436152B57
                                                                                                                                                                                                          SHA-512:4517B2FA911149885EC5549F3173D3C774716740826873E4B2199C804B17E776A5296565930E5ACDB8D5476710A391B21E6DA8941DF64C525A487DB4619A1EA7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 126 x 126, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2334
                                                                                                                                                                                                          Entropy (8bit):7.8839656878677005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:W/zeI9zj1u/VwgVNR+vEgxOfU99BpcZlp9uqRhq4eZDU0BMK:W/zn51gxN4RxH9hUlpkAMt/BT
                                                                                                                                                                                                          MD5:39E2FCF13C20103C5F449C06D3A4CF75
                                                                                                                                                                                                          SHA1:AE8E1BCE2BE17ED450D891864E6AA22642AF39AC
                                                                                                                                                                                                          SHA-256:5D46E4056F3915C279F1FA9EDF61D93529FBCAE5C59D616380EC5D9405B7763D
                                                                                                                                                                                                          SHA-512:8E4902262B064008804D49D1B5F27BB7B8F33ECEFB05181AA69534E1D21662719DD4F8E0677C58215F6C5CA9EB4FB92FCA54A89F9720230AFBF06A70216ABF26
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1096
                                                                                                                                                                                                          Entropy (8bit):7.755097954664401
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:TDh4JYYFMId219dZt07Zcglb4iS/cFEAAabL3/006Fs:B4JBMPVEbCe/006Fs
                                                                                                                                                                                                          MD5:32D3E390613CDDBD639E70DDB2511AC0
                                                                                                                                                                                                          SHA1:C96AC088E72D756F31896B16776EF100379F802C
                                                                                                                                                                                                          SHA-256:DC20E5AA2B500CD5B5C9F89647D3487810685C94268F22678E27820E2454BB3E
                                                                                                                                                                                                          SHA-512:7381CEB8FEE84F398082177F30DC01593BEEFA729C73B0166AF686BCD25D54312B202D9243834B754769DE41E9A1DEED74CA91A76DCDA918A749CDB4F08C124B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PNG image data, 56 x 56, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):901
                                                                                                                                                                                                          Entropy (8bit):7.682141855410327
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:x2BZqWXRHKkqILfEDtySHnb98XPA8KWstHNMufZ4jJO2C:xZQEC8BywBmPAGpC4jJa
                                                                                                                                                                                                          MD5:E6ADD5AFC73F7B06FC2348550595F8D6
                                                                                                                                                                                                          SHA1:4D658BDDB93FA6CB423EBC61BD20DB37E4D37DB6
                                                                                                                                                                                                          SHA-256:DD6F46D32C3E235508F9E4C7D7F993BD807D955BCA7E63CF3D57C6C4C102F46D
                                                                                                                                                                                                          SHA-512:55437DFEA7F68A4572DFC86B5428CBE9DB86C0D32D0B09BA6B7B1CF8E49E5F1BB94285BBDC97D8EE00D70BA75921DB59644787C1BE1672FE37CEE09441F249B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):485344
                                                                                                                                                                                                          Entropy (8bit):5.205767320176383
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:JlTZkQQzVVTgmAffw5QTzL6+75I+qZojZdN:JzkQQzVVTgmAffMQTjO+x5
                                                                                                                                                                                                          MD5:2F8A324390AD37C3CE38EC89EAA948C8
                                                                                                                                                                                                          SHA1:A29F2E9C0268BC7C9EAF94DC629AB7B5EC368C7F
                                                                                                                                                                                                          SHA-256:5660965C2C1E79E35D2170DFB85AEDE4C687AE3AE83468B41066357E45F13BC3
                                                                                                                                                                                                          SHA-512:129DAD4494C736A2599895BB13BDEFAC3AE08C4D049D0628808DA72579641B44E802F51151F6895DA283709DA5C0F06BF3CDF06436CFF92560246075B22AB5F3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):238
                                                                                                                                                                                                          Entropy (8bit):4.824253848576346
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:v5975JVSS18iMkh26VlcmutLwyAGI/zj//gQNMC:Bbt18l+LlMLqGU/gQNMC
                                                                                                                                                                                                          MD5:442699C95B20A60470421C6A4D29960F
                                                                                                                                                                                                          SHA1:C7317F2D2414C991C21205BA3C68A187B997E3C1
                                                                                                                                                                                                          SHA-256:44844CF3DDE6E80087AE0E6BF0D9326D7EF7D23326D24AC83AF0850BE26923D2
                                                                                                                                                                                                          SHA-512:C89CF089F7FEEB80C6DED11F1FCE84287ABE8216A6E05723D1A7FAF567C501C043CD1246FF8DBEE1240D2D79C41B698EF4CC3459589E68E5BFC5BED7FC3A150B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{. "name": "MEI Preload", . "icons": {}, . "version": "1.0.7.1652906823", . "manifest_version": 2, . "update_url": "https://clients2.google.com/service/update2/crx", . "description": "Contains preloaded data for Media Engagement".}.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8254
                                                                                                                                                                                                          Entropy (8bit):6.795641289553097
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:bTOpyeS7AOv6EVp/m3FPKk15jjKVcOmQppXavFbeLfzrLyp:bTOk7AdEugo5jjK+5QppXaBebzrLyp
                                                                                                                                                                                                          MD5:D5E4C2634EFF8A9B3FAF432BF406D6D1
                                                                                                                                                                                                          SHA1:A691F5C9877079193C1F7DFB16DBC30BB0372EC9
                                                                                                                                                                                                          SHA-256:C6070A157B4E28D16FBCCBD233E93846DDB070C85E1A1BC64469B7A5F1424FAD
                                                                                                                                                                                                          SHA-512:B264E28AC8F111DF01C553445AADC7BCDB3F32A38A1A19D3F9D458270DFEAF80EFA7144407BD999892022AF9DDE9DBF8A0E19E7212720E1C6511EA9125AFB166
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3201592
                                                                                                                                                                                                          Entropy (8bit):7.976494376289131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:0kinoO1uL3tQuK4csQqZ0dtNTApbMPWlxYfKneBJE1eao4MYNnUy5pviGE:0kiobL3Op4srtEMu76KyGgYBXpvLE
                                                                                                                                                                                                          MD5:906C487E7E3ADBAB38C118270BB433E7
                                                                                                                                                                                                          SHA1:A84540E542C9BB2E2FB4EF2E0008EB3B3685492B
                                                                                                                                                                                                          SHA-256:21FFD5E83C7F30D7D0A1177FE347B0BE4B35E36F2CC8A30A250B0953D7039E2E
                                                                                                                                                                                                          SHA-512:B94CCD20DD3D6C13744A6E6ADB4DD8284A01901BFA11E9EB60C869867E3D252197416D6954E216890AB15029C350C0A452B03F68F654324538FD4EC9E66D82FC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4927408
                                                                                                                                                                                                          Entropy (8bit):6.402954167719071
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:/CZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRNg:+G2QCwmHjnog/pzHAo/Ayd
                                                                                                                                                                                                          MD5:DE446F8424F1437BEA32DDF673E1A3F9
                                                                                                                                                                                                          SHA1:0CF9581B9E98F87D8E0D4F66F0DDE5F7DDD6DD68
                                                                                                                                                                                                          SHA-256:758F3DD461925367A7637E20543E66D4F791B60A60573DAD461BDF92254DD4D8
                                                                                                                                                                                                          SHA-512:C22296B05354FF2F32CA2E1E9304B5CD832F1411FBF58DADA5A79CD01D212C624CA08EEEFB118DAA7501FC21C7C65B0A8ED010836E91C4C1843F49D6D8328BCF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22064032
                                                                                                                                                                                                          Entropy (8bit):6.543083144951815
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:qSh8iwqmrjOjD0KhMd4iVjJVBJkdEdwN/fCOA9YixQwce751CjN8TJunLzCUv4Sv:XHl+Sag3
                                                                                                                                                                                                          MD5:23EE16732DD618BCE4AE54856F1E73FF
                                                                                                                                                                                                          SHA1:CB5277EE473B74782B70EC036D332A1D2C52FAB9
                                                                                                                                                                                                          SHA-256:EF6A6BD5521F0494E142116F348B4975A4D847B6937E504AAB7307DB276A1C17
                                                                                                                                                                                                          SHA-512:2D9545416F0189B23D7B961F453B545E5F55A62BDC111CA246C66BECA86DD5ED8260EFD8F02F09B7545603458A59E4A3E8DA945E98AB0C2535AC0BF536F9323B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1519040
                                                                                                                                                                                                          Entropy (8bit):6.516149794164716
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:NCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkrd:NCfhbh3v3mtEAQrW41obCraeRhy9ou67
                                                                                                                                                                                                          MD5:135C05B31F2DCA67DC20F7C061A7FE36
                                                                                                                                                                                                          SHA1:08333F51785D7F04F3455396340802493C6D0201
                                                                                                                                                                                                          SHA-256:2759383FDF5B8F91B95ED84CBF2A212900EFD820EACC5490121C5338AE30952F
                                                                                                                                                                                                          SHA-512:D59D8E1974575CF465DE98D525C980454C6F21D7AC38C929A761E81C11257066EC49E810FFD53F4D48EA822150029F7D87A6EA7EC0AD842E36175531AA05544C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):5.215090021896831
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:xIlvE+eCPTuqaeDCOLIG4AUsKyIYKJhNewb059RVtZtDy3HCk7RPqErgB6D:xIhTf85XZyITJhowbO7Vt+3ik7KU
                                                                                                                                                                                                          MD5:552DDC9B5E3EB5087E5352821FD30D70
                                                                                                                                                                                                          SHA1:990511CBAE12E72B5BBE494C026F91DD847FBBE8
                                                                                                                                                                                                          SHA-256:9D3621EC6C8F3D51A2D2C81DC5E4370C90C5EF84A1FE2C866F03ACA384D4383C
                                                                                                                                                                                                          SHA-512:FEA5B35090D8AB6ED9097A78B00B34537A449A56637B1E0E7AC6609B11967E4B94F55B521EC831494A94B71BF7F12D8897DB0441001D584C4C528EC67F9EF158
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:112.0.5197.60.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\en-VO.pak..localization\es-419.pak..localization\es.pak..localization\fi.pak..localization\fil.pak..localization\fr.pak..localization\hi.pak..localization\hr.pak..localization\hu.pak..localization\id.pak..localization\it.pak..localization\ja.pak..localization\ko.pak..localization\lt.pak..localization\lv.pak..localization\ms.pak..localization\nb.pak..localization\nl.pak..localization\pl.pak..localization\pt-BR.pak..localization\pt-PT.pak..localization\ro.pak..localization\ru.pak..localization\sk.pak..local
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2923
                                                                                                                                                                                                          Entropy (8bit):7.921190680728857
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:6gAlAoYlilhwSaZDTzolwaaRUFUvexgwO8BKWvhkQzQ1epHQs1EAFw4FGxG:yclnPzomv2HrlpkQzOepwGE14AG
                                                                                                                                                                                                          MD5:0F4EF7A0B4A0051BD59F60724EF53F04
                                                                                                                                                                                                          SHA1:0DE7DB8C2F3A98A8BFA42E1D7E08FCF1F23465F1
                                                                                                                                                                                                          SHA-256:7DB8CA18B3A9F8F22C1153F28D5FC085649D8627F98E45CF5E88A8DCC765851F
                                                                                                                                                                                                          SHA-512:8638C036834E2D033A15C212F3256311B66514D1809A29A237A9EB956B423D9E064A490D407AC6EF6E1596BD662139A583B73AA8F09C35840E206888FFCB3DE8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1142573
                                                                                                                                                                                                          Entropy (8bit):7.979899537353061
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:NR+VVG7zDe8KcFlAh1y+cBjoO0TOccek/mtvoP5/Ri:NRAG7zD/17pRBKOmkVP5/8
                                                                                                                                                                                                          MD5:D6DBCF554798BC2116E537390D092ED4
                                                                                                                                                                                                          SHA1:5DB772368F6B7045409F531C602CE1315601F1C0
                                                                                                                                                                                                          SHA-256:A6DF8D5A7A4F2193653F4AC3A556D6D17795D8BF0704B4769AF397657A148559
                                                                                                                                                                                                          SHA-512:9F49644D8E499E55222544A709B222B3FF94E2D37E497CEC3804B6AD1239A0648FC73D5C5253AC57E47C5F48C05E49AA8BFFC7A83B5AFED31F9669D06567B8E9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3206388
                                                                                                                                                                                                          Entropy (8bit):7.979060773746428
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:4JEIPVKjHL/kP/eWXirwz3JGXlgZ7SzbGvTl8lBf8w9jBrT0IJkaLy5xUZSJ:QTVKjL/Ayrwrf1jujBrTAV3
                                                                                                                                                                                                          MD5:B2A0A9D44450E0F0376D7FC711644887
                                                                                                                                                                                                          SHA1:C2085B594A59A90345E627E0BE45E24EBA00D665
                                                                                                                                                                                                          SHA-256:483783AE0F4DD4BDF6701E87F59CF85BF16D9E640B016075F90BB1306996DC58
                                                                                                                                                                                                          SHA-512:D9343524DF1B7B5500B28805C4B6C928EC0BB5F88A634C974A5161E4ED86E7A7028482DE5B2BB4EC206E0F79241E3CAF01AE3669BFE0BCE2793322ED7749B1A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10501472
                                                                                                                                                                                                          Entropy (8bit):6.264566831287011
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:nDPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2YmU:nVwkpHiXUxY/iJ53IWhlVjEeIlU
                                                                                                                                                                                                          MD5:A1E751E9DF0E72C64F38B613EA2A324E
                                                                                                                                                                                                          SHA1:ECCB2490C2238599B990B977E7956471C411FA89
                                                                                                                                                                                                          SHA-256:1FEEDB01802A6960C454D4AFD6B1C9BC3E83A4E575E9D6B2F3BA7DB846645BAB
                                                                                                                                                                                                          SHA-512:C516B97433645DEF5BB825C9A7FEA7925BD43552D38A33266EFAAC268447EAF3F48984CFE57BB4C46B4EA537B42A24CFE2BB7615B4E65C2949BFAC74DB6730AE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7929248
                                                                                                                                                                                                          Entropy (8bit):6.946751808616311
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:hx7S5e+B3QTjWDN10ngf3+RSrn2vToxRDBxZer86Y:j7SI+B3UjWx+nQAs2CRDw8l
                                                                                                                                                                                                          MD5:60E085F15B551C07C983FF48565D6709
                                                                                                                                                                                                          SHA1:EC8C9F5F6E4A3C860008484C250DBA8A45352CF8
                                                                                                                                                                                                          SHA-256:B23C0BCC1100967A625DBFE3CB967BDECB39344F6DFA7C7EAA15B2F6AF6F532C
                                                                                                                                                                                                          SHA-512:17F12F777F882CCD5CAB761A515BD7479273C49BC1CF0463D38CD8B08C0166FECBB4F5DB89F295B83D7F0C032A6A3170C6947C5BC9A509F9A5E06E614EEE9835
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):613280
                                                                                                                                                                                                          Entropy (8bit):6.23855893067616
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:TWx9rKr4mxe63tL+GM3FDcl+/0tIggaD52cM2PqT/UBmhCH7lohEL56XX:8ae6tL+V3FDclIKD52c7PqbkouL5OX
                                                                                                                                                                                                          MD5:764FB8C262F2628CB9AE881B5134F3AB
                                                                                                                                                                                                          SHA1:09794789644B4BB2AF1DB9CD47EA2E1415D0473C
                                                                                                                                                                                                          SHA-256:CBC2819A7149E32475C07FB7EAEFDD294FB92FCC6A45D8110285E8C5B8812C80
                                                                                                                                                                                                          SHA-512:2C9E902DE33F7CEBFF10B597F8B4BBF6600B8F3E34762C392CB6F2C9C4C7525AEA4AA07E38DE739FAFC008F5A0B6926B25F00CDC55E2ECA378624F98B8767DAB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2318240
                                                                                                                                                                                                          Entropy (8bit):6.461359125541264
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:kE7ciJo9fOdmlByQ+6AIrUT6aFM/h5cOxdbb:5mcqY6aYnvb
                                                                                                                                                                                                          MD5:AD04B71FADEE65AA58DC21C74D776706
                                                                                                                                                                                                          SHA1:66661E7B08E1F0236585F8C63CC5FFDBCDADD859
                                                                                                                                                                                                          SHA-256:1C3D6FDF44976DEA41563A9DFA16005DE1E4C3494880F2D09428F369812FD129
                                                                                                                                                                                                          SHA-512:E03B763BBA97400819D5DB1BFB4158848750A7E9E4E6A42B72CE88A4B8FF7D11CC208AF97798557632589D474E01377B791B9BB5BCBF40803E458632A5847672
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):317
                                                                                                                                                                                                          Entropy (8bit):4.996593526126476
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                                          MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                                          SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                                          SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                                          SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):482720
                                                                                                                                                                                                          Entropy (8bit):6.419454527610494
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:de4bS6PD08yeb2ooY1Mh4OcfYfuKtxMTroGv8KMIl694:M6PY8yebVoR4NYfuKtKoGvMG6a
                                                                                                                                                                                                          MD5:32FD7C00D054B87F5493FD5F820B565F
                                                                                                                                                                                                          SHA1:826C6B2D1B9E26ABD8A94A592F93523EE6103D35
                                                                                                                                                                                                          SHA-256:EE4F22C6B815AA75E3DD911A9DB471D97A5FB0178926141E5FE8026B5BC20573
                                                                                                                                                                                                          SHA-512:D46DFD906531DAA7B12A63801F08B0D28E84CE3B8E79B82B13476F1277C18009D0CCBDE2461B24A1D34DAD462E2ED1DD2DB2F7D682F5CC58F42577F140371EFA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8088480
                                                                                                                                                                                                          Entropy (8bit):6.504002475577701
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:jYLbM2HVpHOmfv2D8J9FQG1TyToWETA2FX8iL3HgWmw7Bm3QsyYKDgq/I0kIZsyz:CGOvuWqyFg4RMRbSEg4mvXC3RkT9
                                                                                                                                                                                                          MD5:D2356A4D0D447BFDDA52E0584AD39AE9
                                                                                                                                                                                                          SHA1:04369CB1D782C823A1AC7050E3D5540281B1C955
                                                                                                                                                                                                          SHA-256:ED812C0FEDFF3559ECB2EA5A61CA36D9D8C88DAD0BD61901C3FDFEC19B82936B
                                                                                                                                                                                                          SHA-512:CFA0EAB17DD2FC18D03862FED31660D3FC0E66B503679763A5A287B58599CF715C0C63B1DA37E77F284C2A8D00FF4E3F227DD7879DEAC4B3CB96175C5F4F4DF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):852563
                                                                                                                                                                                                          Entropy (8bit):4.770277796943595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:WYi6hFgoBgNEjl9cITIA6g2HK2HgUbvYVzQkECHUVVbYc1qe+7KVD0L4s32HQH0X:O6ENw7InK2HgUbvYqqUVVbh1qvKVD0LM
                                                                                                                                                                                                          MD5:25B2F175100FAB8BBAD16BC50E30C061
                                                                                                                                                                                                          SHA1:0D7AE37C762C66CCACFE186A2EE1CF6CF8DD4C28
                                                                                                                                                                                                          SHA-256:08879CB5A847C46F8ABF5235DE964663EA730EC78FF2001905A2D73B0895B378
                                                                                                                                                                                                          SHA-512:F4CE64AA76049F53862760D52923774C4AA46162BE93C2E6DFD1706C26B9F52951370E07A0FA7E393D190550B919CF37B9C6B3C5E323E61A0A1C337D4A7F654B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1093626
                                                                                                                                                                                                          Entropy (8bit):4.367599776776045
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:E6l+QSxAVFXOvdMVI+bwXZuHHDWCq+EEsoZ07gxXzcW:dxSxwZ0dC1KZqFqmslUxX
                                                                                                                                                                                                          MD5:A052B69B57F4C9C232CD3FCDF4CD24C7
                                                                                                                                                                                                          SHA1:EE04FBFEC87D199BF02E1A2CA2F3759E9231F4C1
                                                                                                                                                                                                          SHA-256:0124289A4328201722C2CEC0DD0F0F4AD81F8684EC28814914C233BD03E2C742
                                                                                                                                                                                                          SHA-512:92B612B5CDEE086DE97D24334BE7656DBA371A067C59686BB5BBBCD99F50839FE627C788486F05ACE62971EB916316B9A19143DCD6DEF02538EB654897FB8EAA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):538654
                                                                                                                                                                                                          Entropy (8bit):5.417234913518567
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:8QVjq7Q6ybGbf1bCCrz+W58rMU7kcvKMe3nRSf1O5G5iURKWJCQrtyXLgjSHNPeh:x3Sd2gR7FkPUknjYgB
                                                                                                                                                                                                          MD5:09CF89CFF240FB1B5DA9C1D8775F0B59
                                                                                                                                                                                                          SHA1:F0090F74039368DEFB1F6155F3C8983D55A7E0DD
                                                                                                                                                                                                          SHA-256:EDF0343198FE7026A14FC4C1E1A1C21816CE20BC1C4E73098C25F50AB7BF4F12
                                                                                                                                                                                                          SHA-512:D4372B62D944E7B283706C1FF5E8EE0629D05BBBFECAD4E8BCE73841C1BAA8AB45FB657D49AAD16B6AEE19859D8EDD4B59BB0F097A2EAE70994E91EFE31E5ED6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):532088
                                                                                                                                                                                                          Entropy (8bit):5.854091515951251
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:YZZHEZn2EoA8CxiRSNOfzISBP8Qfsb5iJpWhN/inHtW:SEZ2i8CxiRSNOLISOY+
                                                                                                                                                                                                          MD5:675AF1C184D898751B97B8376B2BFA38
                                                                                                                                                                                                          SHA1:E3D704161CACC3F5F91EB2C546B8546E49B81C59
                                                                                                                                                                                                          SHA-256:18D182BAD211F211B88828C678973619D3F1F91FF8BD544B79D763A47F487E41
                                                                                                                                                                                                          SHA-512:D09DA5C4784AE151E7B7A90D83298DA36443536EB542A15681D214D7F8DC6CD4E484383DB8CA2D171C265C02F92D9CC1A9DA7A08CDE40BA62E891ED18FB663E4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):494436
                                                                                                                                                                                                          Entropy (8bit):5.479309206204016
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:AU8e7VwyzVWl7Bld3xsPbd4B7mwnzZhmqEyi33Zd9K7DeUSVGe7vgRlHnlG+M0I:AU8e7VWXd3t2qEyiZlVG8aHly
                                                                                                                                                                                                          MD5:88880D98BAADDD414CE807ECB47448E3
                                                                                                                                                                                                          SHA1:C7A1A128C82C3BB05D318FF969DB4A9A275BA750
                                                                                                                                                                                                          SHA-256:342BDFCEC3EA1C02FED8120E56E2CF836729AC46FFEE313597975C25131C56C1
                                                                                                                                                                                                          SHA-512:E08075D5442504001753E75EA961F52CC33F74AF32A2BC9B724D7D09817059CFDCA25AB0A3C9D016C4FF38713A1D51C91A311AF05559EFD3E33DAD98957FA839
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):537557
                                                                                                                                                                                                          Entropy (8bit):5.511630225173519
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:KLPcbBbj3cu77NMzUYzoCCPz6pY8p9lC69I0xSPJ95jEx/5B:KLPcFj/MzUxCC7oC69G6RB
                                                                                                                                                                                                          MD5:78A6B7519F635F9BA77A6308083E64CF
                                                                                                                                                                                                          SHA1:BF654E9264D830EDF751DD6F7755D367A449153E
                                                                                                                                                                                                          SHA-256:F1EDE2BA466E078C70AB20450526CED260DB9496201892B817D76CF3D68B66D4
                                                                                                                                                                                                          SHA-512:8EA3855D8F23D8BE06D426D759B96DE97920D917D50DA3BA5244DF187DBF8AD1DA71CDC194454AEFB46507C2C39C1920DD652E0BF40E0BD11D12EB0CC7748149
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):924379
                                                                                                                                                                                                          Entropy (8bit):4.855435941600887
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:Za60/njvCRR9PJ8ZuOIL+ADSf7ebmvt7TroZe/HlmfP/p6YDMIWbIz+9LqN61yvO:w60/njvCRR9PJ8ZuOIL+AD6ebmvt7Trh
                                                                                                                                                                                                          MD5:61AFCB50599DAE230BE16008384E2A2F
                                                                                                                                                                                                          SHA1:CD0A152E4AB2034A96EE1B4C27FA1294148E68B1
                                                                                                                                                                                                          SHA-256:7A022864CBC8B86E96A50BDE79E7124CF851DD99CCFA6551F51FC1DB8D0965F1
                                                                                                                                                                                                          SHA-512:2719EB5F161D98FEE8E7D1DD97025E4272D845A46FC80DE8A857D0CB1ED1619CBEE86B8C28476AEAA92E8B0EB9B455DAE2D7189E707030777FDAFEC7A07ED7D4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):434599
                                                                                                                                                                                                          Entropy (8bit):5.536781102697566
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:8S88etjsO1o7/QfDRxoBctRkprG7vXM0av/6d92//k:TCSO1DxoKL4/68/k
                                                                                                                                                                                                          MD5:A5E916D1405EF718F153F27CC313D383
                                                                                                                                                                                                          SHA1:B7F20EE0ED1C12179FCDCA77F3AB0A97646DA32B
                                                                                                                                                                                                          SHA-256:185C3E4E3D6D5AF7DB2F048823C1B6B4CD864B271F8CB602F0F371B8CC32D1F8
                                                                                                                                                                                                          SHA-512:390FA6C44A9809F436A65307F738F1FCA142B7BFB7A735C9BC3EF7FC74D9D01BF552C55519D6CB217ACD35957B6148B6B3AAF5DD5C4343CED091F2E27526A196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):436814
                                                                                                                                                                                                          Entropy (8bit):5.539271568656225
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:D2KcrpchMp3GwSM1cX5Xx4ng4s/Z3Gwmluv/my/hR6O97d/t:D8rpchm2wh1clxnGwoyBR6y/t
                                                                                                                                                                                                          MD5:08D003853B81D58ABF6AB177C82ACD28
                                                                                                                                                                                                          SHA1:3A4C4C6584301C3B0D59D7E0F10272A3900E3B99
                                                                                                                                                                                                          SHA-256:BF2CFA1D5C6943A093287BA8D54E50CB72D9E78842FA3945F98C794FC68435CF
                                                                                                                                                                                                          SHA-512:2879E5E6B1DB909D04E28469C52E8D4EC5AB563C8EE9E46D5EC328C53C49695774A87FD79C34DFA816371CF450A6472C84D649BEA07D2C1239A2EB5838A4CEE5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):439039
                                                                                                                                                                                                          Entropy (8bit):5.548977976990391
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:bGpTqHL0F7Pf695Xx4ngvs/Z3QwkjSzfqmSZs6d9WuL0:bGpWw7PfQxAQwym0s6/L0
                                                                                                                                                                                                          MD5:93B232C739D89C78BE7853A4D4B25AE5
                                                                                                                                                                                                          SHA1:D3FC85BCEBC70D1CD0777C7CDF65B784C4E0D5FA
                                                                                                                                                                                                          SHA-256:8C77738FA9ECC5B43B6CAA76C389AFA126428667AFB4B74739F39A0672439D5C
                                                                                                                                                                                                          SHA-512:84004D1A8D8C4405AED93BCB2EED8D3EE9E4045116B5E93C96D5E78242B15BD8A9FF08CAC90E80A207B45B5FC7116DA43D6F23391F9A6F43DF9A9E0F6EFEBBA7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):527776
                                                                                                                                                                                                          Entropy (8bit):5.39001298526669
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:gNmK5wNHgZJ7qdF+DSnStm+NF1IaYHTcw8yy8G2vI8z3jeipuPaz4:MmK5YUqL+iQ6cw8y3DGa8
                                                                                                                                                                                                          MD5:33474E47CEFC99BDD9EA8A646B1692D2
                                                                                                                                                                                                          SHA1:30F56AE0E37D6FD9AA56AEDB1C9A7E7036DF40B5
                                                                                                                                                                                                          SHA-256:2FB1639E5136A789C3242614B557C2308C4BFB2DD11F725DAF89071C577FB5AD
                                                                                                                                                                                                          SHA-512:E8FD74F1CB183C13406D318E1B152999602ABA8FFF7592035BC507FA1A9280EA259B9CC14402DAF7EEB705BC4F80AD4540812745865E37E9F222A51FA77D3D69
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):523741
                                                                                                                                                                                                          Entropy (8bit):5.380000801139269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ddzbR12/jsl2YffbzQ6PZCk8j0bOykXgZ+oe8myMMTKnbzb1a7jxU/S50dC:dlj2kfbM+Ovj8myz7jks0dC
                                                                                                                                                                                                          MD5:89CA1E61AACB352DE2DA77ABB172CFFE
                                                                                                                                                                                                          SHA1:7F77B61E2D7DF083FC90F5C4FEB7A067D15C1BDC
                                                                                                                                                                                                          SHA-256:04FB7483678B6A1B150057FFC0D1D8B4431A7F5AF967C17D23358E3677C81463
                                                                                                                                                                                                          SHA-512:763F4ADD575AFC8B1A1717EFE04222BF95613D7A080E0480F166320FF278248C940B307DDA5D2348F1AEEEC38EF196873DD70F7F7CCB1D37654E21E92BA29566
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):490404
                                                                                                                                                                                                          Entropy (8bit):5.458033022968204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:dtrX5ro194xFJIzndp0Wa2wNYYp9ufxYtgG+Jl9tmR7Mc1JQ:d/rTmn8t6gW
                                                                                                                                                                                                          MD5:C4C5BB3D209FC02CD8AB9CD7B612A6B4
                                                                                                                                                                                                          SHA1:B53C92027126A5A4AF2ADE7ED6DE8EE25306AC7A
                                                                                                                                                                                                          SHA-256:E8457357B1127E9D0E299D43419A3B0F83FBA6D0AEAA2C5D6362EEF63936BB41
                                                                                                                                                                                                          SHA-512:CFE76A2113EA0D3E0D0FE24792DAD5A22480D3A72D441A1A84A0BEB0709C79446078A8C0FD883E50FA9CEA69C32868305F7E0CF665171C7BDF9A58BCC7540AC8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):546975
                                                                                                                                                                                                          Entropy (8bit):5.288709046793886
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:R/XrkGPG02boSX4H+IC+pK7K2oXaPx4D282OyQqy+PKR8:Rfr/PP2sSXk+h7p41qRK2
                                                                                                                                                                                                          MD5:6BE2155BAC54D3D938C945D63177BFC4
                                                                                                                                                                                                          SHA1:042DC6DB580BCAD679E5A7DD22451CD1F637DB39
                                                                                                                                                                                                          SHA-256:F9CB2CE45CD7AAF9E2B13C3EA665CFBD2FD6D6F60A5A8D3F94AB5931C980FDA8
                                                                                                                                                                                                          SHA-512:4396C04B0B0C168596599DC647B6B3782C8B5674EA13C810CA3C6D9C463BACB2F2F2D4CD96092BF4A43FDF8A32A4DE2EA120C43373055C64FE69271F0F33E2B2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):558716
                                                                                                                                                                                                          Entropy (8bit):5.415325018541271
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:ukaFgEhvhLRfaPwH2xPgInS0qlL/viZpnMYnYBTSk3zcHGASMsOBXJRCF/BCnq96:PChFGGASMpT9
                                                                                                                                                                                                          MD5:B9EEF7900D7ECF6044A6C4C2E8732B0F
                                                                                                                                                                                                          SHA1:225F67F8E73F73EC298A93F6EF8A9F267D3523F5
                                                                                                                                                                                                          SHA-256:7113B64DCEA93C217A9DA5D01F7FA0FA54CCD70B0DE47E15B6F5262CA1AC3529
                                                                                                                                                                                                          SHA-512:9B85041422B66E933D5169A3F4DF246DD1D570449172898BFA602B55CBC12F88D38B2CD5C2D90191C23E671A3BB44AA16D5E9669AD4D9DA9F82D8EFC8799787F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1121626
                                                                                                                                                                                                          Entropy (8bit):4.404120244554871
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:qf9GxhSng6pOMkSGWPGvIV/BB0ZV1d1Y/MOxEKUt0bhYVWmhdYyBXFkbwNKKvZGK:rhSngNCPGhUKLKult
                                                                                                                                                                                                          MD5:85C5218E0BA2FFAAFC1C7A1756D572E7
                                                                                                                                                                                                          SHA1:6A9543385DAC0E32A5769CE4FD63D0E95E2B0200
                                                                                                                                                                                                          SHA-256:CFAB29205C88FADA0ABE7547180C66CDE7157215181DF81A9779B5D8773D3878
                                                                                                                                                                                                          SHA-512:0B449362CD4F07C9DDBDB72A732E3C86CC2087FED5796B3AB0C13BB5E99F8B1974950D94A7DFE00CECE092A4D0D7A0DAEF1C09F34E581E0BE5B35284FBC4E6E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):521595
                                                                                                                                                                                                          Entropy (8bit):5.546115308485629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:aUNkqA4/iIDuRFYu7/nqIhEw0Y2csCtmF:aUNHL/ijLYUyHw0Yd7y
                                                                                                                                                                                                          MD5:D9F12D320283CF4EB69277533ADF3FFE
                                                                                                                                                                                                          SHA1:858932FAA1FC407027390D16FDABECA08F1D93B9
                                                                                                                                                                                                          SHA-256:074152975986140241C1C15BED69B331357524605AE0E779F47AEDE8EF4AF7A6
                                                                                                                                                                                                          SHA-512:1C8DE552E1657FF3E553C510F1173657DDB07466C03147A11230862B83AE81F00620980AEADBEB074579C9CDC1FD480B8662D8A5D4642AD0BA87B78CDBB42DB0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):558640
                                                                                                                                                                                                          Entropy (8bit):5.6547789226414285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:3/ShQgTS8U9vqR9OA9O/txZNe+9T9XCBdpEN/3ICmHu37kituq5RLbTZfpdNcSz0:6hQgT3s759Z16q5RLbV5Y/XZ
                                                                                                                                                                                                          MD5:3C5EAB87C4563C9AC908FC17C12F916A
                                                                                                                                                                                                          SHA1:5168967AC0033981CF6F8A3BAE8919AD16173123
                                                                                                                                                                                                          SHA-256:7C9F4FB37732C28EB09DEBFD9713FABE4FAEE65731C4BE0139F084726EE9EC57
                                                                                                                                                                                                          SHA-512:1889378B261CD8E5DE2611E01E2C279D8B176DA3C664BE74968A40CA8F74AA7645553F86AF381D0FF1AED7547FEF2294E87CFE246C102B21CCA330D5BCF40A36
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):473399
                                                                                                                                                                                                          Entropy (8bit):5.409600065188871
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:uHF5T1HapKwkK5YamcHRi6gt+JBKhJ41N:ul5TBappRqt+Ju4v
                                                                                                                                                                                                          MD5:0F48BCBCCB9C7A38A6C9FC649B947EC7
                                                                                                                                                                                                          SHA1:A73BD247D610321762033F2AE7BAFFC8C5A0DD56
                                                                                                                                                                                                          SHA-256:27FF9B82E1C161EF46F086A7198570D14890A2FD68D9D6062C39398C8D4A14E4
                                                                                                                                                                                                          SHA-512:E3300632B48AB220540184B9901CA9FDE96B5950642B429686949F4F39B47C0B100BF18FABD8CE39B8D33C565AE7780386BBF1BF94B03913BE64DCF0BBBCDAAC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):522941
                                                                                                                                                                                                          Entropy (8bit):5.317319740802542
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:giM2Z9SEILffsF25kGEbAqpd7rjk/I8ey5kxAjV0lpmYlNX5uZLNz7DVqRT9T82A:XLZs/IEyZFW8kC8L1h
                                                                                                                                                                                                          MD5:00917DCCB5CFD8EE4ABA7E6F3F242476
                                                                                                                                                                                                          SHA1:EFBC9E7D6A94DCBF7EFB52035DD3CADA21E053DB
                                                                                                                                                                                                          SHA-256:0C20AE2EA54CC4D484990FDD94D4F80F78C20E4E4DA1D8319BC74A85AE432BCB
                                                                                                                                                                                                          SHA-512:68B0038B6B259A5CF9A38BC082639FBA937C74193B465595722FA0A15E34E43BD903A0374718B5F0C962A40273AF76346DD916C55C1FC99C21121401E941838C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):628850
                                                                                                                                                                                                          Entropy (8bit):5.805712787491617
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:bjoGMLixfWt5XC8sxoCv2/uLus+735JrPOoIGovEDc4SAn+wZYN94DMKVyTVsZOP:bjo6fQ54JojRXRVUQ18/dBlTFl3dQh3Y
                                                                                                                                                                                                          MD5:9536E58C5335204A154CE5E48A54AA68
                                                                                                                                                                                                          SHA1:B4735D0545A63EAF21577D975EB7F36F99C9003A
                                                                                                                                                                                                          SHA-256:611F8A0DA4ECBB7170BA322AD84B5EE0EE90E0708A2FC10DCAA1BA2DF670FFA2
                                                                                                                                                                                                          SHA-512:1751E7C69784A8EB53216B888B14C102298A676D2D57EC408E74702BCF9A40494E7B2C99F5EDAEBBA7C262E18486DFAD1D8DDC9133B504EAF409502D1747F05C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):527146
                                                                                                                                                                                                          Entropy (8bit):6.148435858453597
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:0Yd9ME88L7gjLhIKB1DrUB1RrOeBdOkPmVqvnjxRSDG0G1zRXfwkk9og5SdKV2Ra:0Ci+KDQdId
                                                                                                                                                                                                          MD5:45508533C33A5E99D909951A0BF489E5
                                                                                                                                                                                                          SHA1:52F515D1AF7E32254BAB128BA8FBCAF573FAE8A8
                                                                                                                                                                                                          SHA-256:F035E4EB904FEA95BEACF654B94E57CBAADED041D82AE8EF7E30FF6B21B3EEE4
                                                                                                                                                                                                          SHA-512:423ED068F34B429537075719DE3338DD660CBD30E26975836E6D637464D494D8DC250240FE59BC42B10472814F6212C0A614F6264A86A4C0627DC4E1D9207398
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):557361
                                                                                                                                                                                                          Entropy (8bit):5.652266322383156
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:mQZTpmZ1IPtSiyH36kBaYT7bO/2IK6S+vCTUANxhY5r1RDp28:mQzQaPIiyH7T7bv6S+aTUAJY3b28
                                                                                                                                                                                                          MD5:8CCB6781087B7031E758BC7D2339268E
                                                                                                                                                                                                          SHA1:9DD5C11DDEC4E3A10A47DCB4BEB78AA17D1CA208
                                                                                                                                                                                                          SHA-256:CA2235EE76994C6C4BBA6C0254FB39E36F08FE2EBCCDABAB21BC0B1EAB07AF2D
                                                                                                                                                                                                          SHA-512:4607114DEB561C07ED13AB5510FEFBBB0C3D3390BD694B2D293A009F424F4836AB88E5FF8B077FB0267F6194AC98F31D4DCCF9FEBD35391FE7239FB23869C069
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):555662
                                                                                                                                                                                                          Entropy (8bit):5.658374044165824
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:vc5cY6zU2QHFZX28cX/S0351FuTEG53VnUkgkRI0lGPkFDmRN5tVFLlyGRoldcuZ:vc5cuFZiFuTZ5Vg1PkFDGkFuS
                                                                                                                                                                                                          MD5:6E708CE38B0E56D640FC098AC2747D91
                                                                                                                                                                                                          SHA1:0CC75C8284D1DCB18E3BEC9E8DB4BCEE56940231
                                                                                                                                                                                                          SHA-256:FB12C43064A76BBE58ED01D30696FD88739BDE7B91F2E47AF2EC521E8A737E40
                                                                                                                                                                                                          SHA-512:8DF0031F21420DEA6A9B590F082E73C666150C310EC047AA1F916194FB83DC8AABB50CCE4891E91EF8B0FA2BFE8B0E8E3155FDCACF2D23990BE29355130D866A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):488536
                                                                                                                                                                                                          Entropy (8bit):5.306294493469751
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:K2dMABaVuDiAitZCXq+6G7L8+L9o/6x02AOJC2XPL5W:K8q9NiqxG7E6x/jD8
                                                                                                                                                                                                          MD5:FD626E16A02250312B32E11AEBDCD330
                                                                                                                                                                                                          SHA1:738881AC63B1F4CE7037526FA29841BEE0550E8A
                                                                                                                                                                                                          SHA-256:95947A1AEC39362C48316DAA8FDEA5643FEC94ADFB95F6A4058C5CB5624CDAF0
                                                                                                                                                                                                          SHA-512:04133F5DB8E1A5C5393F20555A088A16D8026C550BD1C3521A43B1BF136A5B63C109AF2A77F6C65EC4062390B81D5B75A9D94DAC7B7451561F98B9D9188D22A7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):477646
                                                                                                                                                                                                          Entropy (8bit):5.459752406940145
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:dpY0LkYdC8EVkborMiJb9c4paaP8hC4sfgkEsRuSHMLx3VAqSR7lCL:3L5C/kborTJFcw8hC4AgkRnsVA3lCL
                                                                                                                                                                                                          MD5:644FDDFD3ED8CF5371B82D82EABA2866
                                                                                                                                                                                                          SHA1:A2A856B7A91839257E1E30E3540D59F1120B0D61
                                                                                                                                                                                                          SHA-256:753BAE4D5EF1163235E0A3CAE8FFB9087F3D7A386395390D3CB94F2DF4B88E18
                                                                                                                                                                                                          SHA-512:5248C0C433A7A3CAC1D8EA4691D3B7E025B8A6A4D24BFDA0E9474FCB93D950BA8BBEE6589F057B394EBCBBFC20B398C72FD1A295E244BBF01909FA25DC73A8A0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):493187
                                                                                                                                                                                                          Entropy (8bit):5.393827749953591
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:Z7LIbAfj/10/bzaAAqqJltcgoTIRC5YiFKC4rEVF3:Z7cbQ0/bzaAAqqJltzoTIRC53FKFEVZ
                                                                                                                                                                                                          MD5:81B6855C0C9414F1FE27B2977D2B1F0E
                                                                                                                                                                                                          SHA1:025B41CE9BF01D67B51F28D3B11090ABF3F82B21
                                                                                                                                                                                                          SHA-256:773CCB05BBD0CB396634B470A15FEA78D8D652E9C438ED2D34B37005F2CF6CEE
                                                                                                                                                                                                          SHA-512:BC0E40B18A8E57E57EA03BD5DF57A59D77DC96CEC3105904713693EF49E3AC7EBD3FE45C89F98D42C2B5F90BCE4602FE517E169C2D059D144C4E7D05BB0D9B1C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):539557
                                                                                                                                                                                                          Entropy (8bit):5.773338059977217
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:2Hup4+HvXQ20Cf45CfzWoOBCBEfQfu4VU56HCLbDfP1CUdXCe3mAR7yYtIaMsuHt:SuhfVkdMj
                                                                                                                                                                                                          MD5:38FB64EDC386CD0838990B10D984F97A
                                                                                                                                                                                                          SHA1:104AFF928DC214C41EE1D4D0681C90ABAC4E83F3
                                                                                                                                                                                                          SHA-256:4FA349FE7A6327362C45E9F56265FC66AA9ADA65A97142C8135ECE0B90DFF095
                                                                                                                                                                                                          SHA-512:61D048B0A86A69D1A897B48122749287939FC4781F84E47D42DB6DC6CE3E8C7306E4D7DD7226805A7B81AE4416FFD94599FB285AC5434F4AFF24F2691E49A1E1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):514130
                                                                                                                                                                                                          Entropy (8bit):5.4498666308918615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:C27+4zMC3RQuDEX+4XltsRXfa7NBXBL0RinD/QPNIb:CYdY2gXLtsRPQ
                                                                                                                                                                                                          MD5:D9E03426F9A3D6E5C5D34615518EF471
                                                                                                                                                                                                          SHA1:657ED52C478E7DE4335F38B2D5673DA914373DFC
                                                                                                                                                                                                          SHA-256:9DC1DCAFFA8BF4ED40D80DA533267F660985BD64DD26F551D7295AE5453105EB
                                                                                                                                                                                                          SHA-512:4DCABD2BC52A18381E1D0734C7AECF88407265625A142C50C8F5997E8726ACC51E4973E42840CDF096A9C5A9A33081464FD534807CB535EFF9FD7644539D06F9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):521653
                                                                                                                                                                                                          Entropy (8bit):5.425565143361199
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:P/R4cfHn21nnJoSWjy05SRv+ib4JVJJxh0yi7QjLUHt:P/qkH21nnGzjr5SRrd
                                                                                                                                                                                                          MD5:770AD49E679E0EDCE5A788578BFFFEE4
                                                                                                                                                                                                          SHA1:F2A5DF25862965CDC76C8A42C1CAC74015DE19A7
                                                                                                                                                                                                          SHA-256:00B2AFA907A4923DB8588920684A636801A277274A8F971817C6B9EFD233F9E3
                                                                                                                                                                                                          SHA-512:8835CBA57606815C78CEF7BBE96733906C49EC472CCDF0180E13166BED9CA6B9AF0A36F98A1169FC31972352E0E5DA9A71840D99D42BB19BC3F1EE5DE862960A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):535414
                                                                                                                                                                                                          Entropy (8bit):5.482611369657256
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:pPNYQtRgcgxNeT4WUOjs2Zgh6Zbu36CZXRWW43O84OqAAMG9r4+u53ox+L:x6QtRc3IUegh6TCZXT4e84NvMGx4f4xg
                                                                                                                                                                                                          MD5:8F8B74A6ED099FEA7397FADDD10F5605
                                                                                                                                                                                                          SHA1:67220E85641A73E20BA89EF3101269945F8D728B
                                                                                                                                                                                                          SHA-256:6570FF8019D2D3B892DC71C3C3FE74594D95B5708D89C295D5594FA6C0516742
                                                                                                                                                                                                          SHA-512:B7AE1B51A016A546C4AF82A2972935EA1B14A9B65FA47C523376AF0750EDB3B1EEC6DC2428D876D6CC853E5ED71E010ACC06529ECBB1B7C40E039EBC36E7674C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):853298
                                                                                                                                                                                                          Entropy (8bit):4.927037332237398
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:qPtxclfQjRo4YRehEaX+jhvYDF3V80jMxDkD4T55/Yy2Z3qpruf6QjI4U3jDeeUn:qf3/4P4
                                                                                                                                                                                                          MD5:F02FBA849D808CB1729CA093ADF62887
                                                                                                                                                                                                          SHA1:813ED24A32B90EF66C811637182F2862CDF927A0
                                                                                                                                                                                                          SHA-256:0B5DEFEC144180A76C81B0B71617DE6E67061F0D1CF4A890D2714A9B7745A8DA
                                                                                                                                                                                                          SHA-512:348DF04F38A75C8C9880ECE387ECE1EEACF3A0FC44034800063E7AD3E5D01677199C6223B5BBFBDAD36B7ADC6F10AE520A5A07EDABF6E80CB106E391A4E5EFCF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):540403
                                                                                                                                                                                                          Entropy (8bit):5.821000369105088
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:WHRkUWrZBRS04w0FoipTjuxd98EMtpk7kdozs4H:GRktAwdfdSOkdil
                                                                                                                                                                                                          MD5:47CA4648D26DFEB28AE711B9D6617EAC
                                                                                                                                                                                                          SHA1:E1FEE22A3B8FAF9ED429FE8BB619452210FDE48D
                                                                                                                                                                                                          SHA-256:BEB4F326AFB4F9266E30E9A2BD0C19C9A90A53F5DF1308C707F6FC62E060243F
                                                                                                                                                                                                          SHA-512:64967B03C3AB566F0F3EED01FB909FFB951E506DF1D8CCEDEE2CA62194682156DAC3B97A9491F591439B0A4350EA85E0C6FFA4E863D2D1566503C2E80619CB0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):800465
                                                                                                                                                                                                          Entropy (8bit):4.869268249601843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:t5Fag+J8eRN/uExcvMHO37Qi/k//c7KNNfISBG1huV8ZQnkm/eeeV7ooRYg30VX:Bt+J8ouZq4Y
                                                                                                                                                                                                          MD5:23E16D4E697001312EB70B26B90D2F09
                                                                                                                                                                                                          SHA1:A3124E9A69CE3450AB239D42615C1A11712FC3C4
                                                                                                                                                                                                          SHA-256:291BFA3653AA753A122F2B57E0EA616E227F8BFF4F0BAA10C6527C307A20B458
                                                                                                                                                                                                          SHA-512:6EB70F2309678AC3EEEA2DBE3DF9D9CE126D76979564CC79060DE0B51F928C1CFE788A03D0C968F22DBF3266D54923271842F02C42D7C7E835EBE7BB9A034ED4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):483234
                                                                                                                                                                                                          Entropy (8bit):5.563848598076234
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:rYm7nYmjS9iTwK9qfrny3Jy2RMIp4gfivCDHSV2gyAkR16q0gc6kcH0n/4i054nZ:f7FOrny4clNA
                                                                                                                                                                                                          MD5:DD65A9F5F2CF816DABB678B261936577
                                                                                                                                                                                                          SHA1:5B8FA2894A5060906AFAFA5F4D348E6CD658D108
                                                                                                                                                                                                          SHA-256:F6AF06D2558AD7D7BA73423614619D64BC1DA0666F3BD33D56F7F9CE0C4C7755
                                                                                                                                                                                                          SHA-512:1A7CC4A41351E039AFCCB71577858716A540C7132C3D32A812E7A67D7440437C1EFC8D34471F80E472DB31DE8D12E2A1CA5CBAA2DBBFAF9091805B801657A829
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):500960
                                                                                                                                                                                                          Entropy (8bit):5.393825892572588
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:DgfcR6sKcYJLMkePfEMxAW3m8hhu80C5iPqcCBaRdXhUEbsdJchZaH9bq2nmKq:Dgu1Xu
                                                                                                                                                                                                          MD5:A70569E7BA9EEE3AE8CD846063DED8C6
                                                                                                                                                                                                          SHA1:10FBB63AF92C32A32822FE3D67264DDE6CBB36E1
                                                                                                                                                                                                          SHA-256:4014F36D250C504C2727653E72ACAD6A6359EFDBA60EF8500C00585CDB41D66E
                                                                                                                                                                                                          SHA-512:E9E9A7970FEA9882E6E2E6E952EE6818AF699E9C4AD169D1D1E26662B8A6007DBD2318A45C6BAC673304A550CC6680C0DC558F39C97C9B404DA9BBA3117950C7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1278294
                                                                                                                                                                                                          Entropy (8bit):4.132294126962771
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:3Rs/M1mf9TMsktRdltm1vYpiMaTVhtvNcZsMY:3fQ9gsgtm1vYpiMacY
                                                                                                                                                                                                          MD5:BD5E06EF487271596B0E7AB7DDB91BC4
                                                                                                                                                                                                          SHA1:427F951CD4B2D3A5C21B1ADDFEB9B189C2CFFE0D
                                                                                                                                                                                                          SHA-256:BA7F9B53F4C87F7616692554F3A13A98DB9F18094E5CBA8938C283DB61B3DC5C
                                                                                                                                                                                                          SHA-512:9DAC54FF6E85E4436732E1D014BE474D0AC505B39BC4780B6BE83C368D7A7EA3CBEDB4CA2E8F2BB342612EF26394463DF9B2D7657D886CEAC0B54EDFC833BFEC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1169350
                                                                                                                                                                                                          Entropy (8bit):4.382025632871059
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:2hvO/Vw7McKNV/A/2TEBgTjJAZ84HtuixD/ggshTWFkmCovqdW/3wkAE26KO+ykG:2dO/VIHbsc
                                                                                                                                                                                                          MD5:DA6E23AD5FCB2DE7F0B153387326009A
                                                                                                                                                                                                          SHA1:A13A3A6A8FA9F7D61B721106B6972EF1E232EEB0
                                                                                                                                                                                                          SHA-256:A1454E158A308D68A25A1E2AF862FDB8EA8279B7CB1EAC475B556F8CCAA27762
                                                                                                                                                                                                          SHA-512:E3F6052627B9AC6F8058945E74D788E533D5F4735AFCC374B1F0195955C117128B381818029A926D94765808D373CE79494F7D912A71D27B6B68C6DC37168AF2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1004996
                                                                                                                                                                                                          Entropy (8bit):4.442198036851291
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:O0uZN9LyZYApj4FkcS5kI4kZImt5seLTVcwPqXYN50VzUw1p5UBMbU72nCzw6CZR:zNa
                                                                                                                                                                                                          MD5:FE7461240D138B341C4664A34B40AD1E
                                                                                                                                                                                                          SHA1:613BE14A8BA9F44F44002D6D28DB5F62C3FCB8F2
                                                                                                                                                                                                          SHA-256:F00F38D4D8DE97E1F730265614682814C8EAC1383ADDF3C5CE4A9099C7272846
                                                                                                                                                                                                          SHA-512:151F501EF187D1EC14545FC7041C5A95DDB3DDA636947C3458ABC36DE33EF344BA437B41D5188EB1D1E834797B7E4E81D40EB9651EE0044BBC078891C9F8258E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):515001
                                                                                                                                                                                                          Entropy (8bit):5.642513931407991
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:zYc6YGODO1ZiYmJ/AJi1/IedVO78hzI6Mw9HPHzpfzaCL/bTjojzP7SsIVxP:zYcdpDnHJL9/lss
                                                                                                                                                                                                          MD5:8C4CA89A36092B0541A7E5CF94F31756
                                                                                                                                                                                                          SHA1:A4497547C15417A49425BDD7E23C587270A3EF39
                                                                                                                                                                                                          SHA-256:52C18D81C3A2DC264B278CD161346BF450D0EF2616344ADEF3A16B30E88E7476
                                                                                                                                                                                                          SHA-512:DB160595D01EAB4E5A34159C6D90B5A9B48B58C0FB0E8F1FC3A940F0B96C0132650273AF23BD05918FB9E0575A50BF764008F0193908F1E4A64965673131E8BA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):850019
                                                                                                                                                                                                          Entropy (8bit):4.961280109056989
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:TCB3zCQjCdB3IjybABINrgs7uOMLq+4uL2uaH1V1GeosSr+7Wbrh4U1ClDggF1VN:S3zCQ0rf
                                                                                                                                                                                                          MD5:F05616CE85C2706AC1391824DE8AF16B
                                                                                                                                                                                                          SHA1:48EFCDDD04FB8D31FC41DD5DE6B4858DBD435693
                                                                                                                                                                                                          SHA-256:F62680E681D887A88E69CBD16483715D550D909C48318994E8CA21F9E85212EB
                                                                                                                                                                                                          SHA-512:AF4AC56AFF5FBF5383D3E50BF2E8E1A7AD9277F5A8B1CB98824D398922851C806CE705D2CE61D9F7B9BE4E721AC72BDC8F7D8433F0BE059F55C6640EECF91C49
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):605275
                                                                                                                                                                                                          Entropy (8bit):5.821725687238616
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:hglexHIuub+cG8AKjKcfOQsziRH3skHEjf1eD7fYZ6Y2Dkg6M5i9Ksmug7:uYxJc+cG8NjjOQeiR8kHE71eHfYZ6YIH
                                                                                                                                                                                                          MD5:14F5823327308DA3BBCFA18EA6306BFE
                                                                                                                                                                                                          SHA1:39FA5DCD9077DEF62330353046F24781BB9431C9
                                                                                                                                                                                                          SHA-256:987DAED29E34E8114838615FBDCAC98CADBACD36F75057FFE673BF4706785C24
                                                                                                                                                                                                          SHA-512:80A12D1519A76F3D29CB00E56A0996B5CEF2042AC8653F68D860B13595BB24A15E914BEF0634AAA92E95232B83243726F1304D9427BCA36CA46E8C6DDFC0760C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):433154
                                                                                                                                                                                                          Entropy (8bit):6.732607596049413
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:YWXe4XOlJzGJUn10e4hql/Ef2ll0o1B27T+Wd+jE:/XGmk+e4hqdJ1BG+WdUE
                                                                                                                                                                                                          MD5:0271325F1D174534C16D4C00914AFB76
                                                                                                                                                                                                          SHA1:35C84AFC0F61654F56CEF793EBBF3CC0271B5526
                                                                                                                                                                                                          SHA-256:9DF6CE35ED0987CB1721C84829707ED2EA2CA2BF4DE92CC811EA2EE306DE796E
                                                                                                                                                                                                          SHA-512:AAC09DAD70BCE649C78A3F0C0267D3E47A9BBECEFB9FED319DA817BF9B4B043705371AE4CC68A6AE061D43A9696E4E567107594BE81D02A728B86638572B51CF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):437308
                                                                                                                                                                                                          Entropy (8bit):6.731985417123661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:+SNJqHhzh5a6GUKHI/nAxUdtwPSkdT1juU02C+gIrHeThkT7jW5:+gih95q1o/nfIKxR+PH2kT7jW5
                                                                                                                                                                                                          MD5:B54BB472E44FBA47B855AF546782379E
                                                                                                                                                                                                          SHA1:EC22DCD7D5894E80922E3D0746F078E7D8084D73
                                                                                                                                                                                                          SHA-256:4CB71C89340DD85095F33927F877AFAE7FB9C0C649654CEE141C620BF939D37A
                                                                                                                                                                                                          SHA-512:7C35E58FDFF5A2D5FC08E597A8146129B117920030460FC6654ACCFCBA932A7FB68BF424D8BFEECE94ABDF38136EA61EDB25AA6CBDB994C110E22082764F8F60
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2041760
                                                                                                                                                                                                          Entropy (8bit):6.486621901265865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:RjeTBKapVIs+Orl0SZsDXsXyV7+dqbyHm340T:QtBpmXs4mHWxT
                                                                                                                                                                                                          MD5:4839D10AEA98C064AA91DF4BF217E8D4
                                                                                                                                                                                                          SHA1:EF38C03CE7A42CE05245871DBDD5397F57FE1066
                                                                                                                                                                                                          SHA-256:136BE178E30D983DD2EA04C9917BEDA9CCF56C11FB7D6026CB83A1ED17FB87F4
                                                                                                                                                                                                          SHA-512:6A87EEF73FCA2EE290ADDDCCCE1FDD3C94AD016469F7F4DC26E3E80C928008C401CF55AD03CA9DEE5B690050A0ADFE4363C889AF308EAEB7FEC750679F141D4C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1291168
                                                                                                                                                                                                          Entropy (8bit):6.476880129449462
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:BZ1xGKiBGYAJEjL/jhqIk9sA/0cQ7K36qFL10IxoFqe+s1YH9s26Id3o03:/GKicYAJEjL/zA/0cQSpFFxoCHRlH3
                                                                                                                                                                                                          MD5:9CC896BF1019F4D5A5C7C4525A8CB907
                                                                                                                                                                                                          SHA1:35043692177E991095CC5A39CEAD534F612ED5AE
                                                                                                                                                                                                          SHA-256:1D86FE90D16D1C5F1973A53A186524684E09CE5880DFCC36ECD96648757D951A
                                                                                                                                                                                                          SHA-512:B986E927B64E81BC56631DA7E9D6C64696C44FA3B3427AA51715894A14473378D06B8B08DEA95AB78B73E80A69AD2D658BFE08C0A12CBEEC6F58336D1A5C6F5D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1511840
                                                                                                                                                                                                          Entropy (8bit):6.371594621306597
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:CkQ/UbxuNwMp2bdbXlgmYBdDiNFo/2UCTFM8hpSuOxhOD:CkSsxmpQbXlgjdmNFo/2PTjhpn8Q
                                                                                                                                                                                                          MD5:B528572AC1820251C2A82F9C595206CC
                                                                                                                                                                                                          SHA1:5BED410A76AEFA4606CC5BEBDE9AB0AA82251448
                                                                                                                                                                                                          SHA-256:C74FE18709841A1A5488892A98B9B0CA59107D087E4F5FE1050DE80527BE2C21
                                                                                                                                                                                                          SHA-512:B6C039C843F276E59635CB18827DEEAD5304A5E25843541B78A94F611B916150D77ECABCF216443E9CEB7C87EE884173DBD67E827742102CEDEC746C03624016
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1471
                                                                                                                                                                                                          Entropy (8bit):7.59583512648567
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:+iCNV9ue/BbGNo7H6lah8keReriJ8gLIcO5v4Duvw5HjgTa/NvDOPR1I4x9PwhS:+iCHMepSN078kfipLIckwFj8a/BoL7b
                                                                                                                                                                                                          MD5:B0638AC18C13275117A1C8CEC7035855
                                                                                                                                                                                                          SHA1:60A11361D2DC1D47E4ADEE785F339D45541451EA
                                                                                                                                                                                                          SHA-256:371A713A7D95115590194B349A2670AD8B8E954FFFFDD32935C9150950239966
                                                                                                                                                                                                          SHA-512:4EDE485821014C9FBBC82964676F4319C0F4AC133A28F9181F2DD43E2E6C3C8135B398D6ECD59000D113CABEB64D3D485DC580EAD160404B1F31AFC53CE3F69A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):49471600
                                                                                                                                                                                                          Entropy (8bit):7.939376100805244
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:786432:iF4vkIx6JFo2Pn6tNN+7AGA2Fi7OSlKLbNPbGN+ULZBFQMf9860gW:24MaLcn6t/kAGAsSYL5bMjLZBuA970r
                                                                                                                                                                                                          MD5:6AA70DA0607434A23995ED09AF10BBAF
                                                                                                                                                                                                          SHA1:79C15089E1E02B1D09FD8165EC6B2078DB5C631B
                                                                                                                                                                                                          SHA-256:8C31328CD19EDB797CDC58A4405FD354C2A338ADE86C1B372DB871D74B158DEE
                                                                                                                                                                                                          SHA-512:611A7519C3DAF649E5771F4E363FCA59B3E4261FD8CC459E469FD3AC02D101845F57A503C091946D7E4E0C65E566E68E31AA5FB77CECC0FA28DEFA11B9847B76
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1168
                                                                                                                                                                                                          Entropy (8bit):5.11878746315851
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:YdHH78PBpn+6Pz4jX2YMfkueqR1pi7v1UIyZNUu517Hu8L1l:YdHH78PBAlXL+eTDyZD7LZl
                                                                                                                                                                                                          MD5:B4133A1E62CF5F0EA5688C3DA0982C7A
                                                                                                                                                                                                          SHA1:231B6ABF33A26467B526F7EB9491525106E21889
                                                                                                                                                                                                          SHA-256:45255AEDEDCAECC7A2CB42501E2067DBC269C863F50CD4C1E95F4A0139462D27
                                                                                                                                                                                                          SHA-512:A0211541AE7C9689E98F49E7AE538F2D8A0E4366D7D5BEC5F003A6B442B038DE0CB0D9E63327136168E0BD97BFF3AF0F5D3DA4A44AAA373CCE578550BAA96B42
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{"country":"US","features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"01979299c8cd,13e025f64bd6:disabled,13eeaf851da7,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,3389f6c15eb9,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,818c3ef12d0b,8511df77ed15,88edd7903398,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c25d6d8d2719,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,d144067b33ec,d4b5093b464f,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","remote-features-guid":"f3132f1e-25b3-4b7a-b002-9c4d48da52dc","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opgx5&utm_id=a30b944bd1474a509ade0914074524ec&utm_medium=pa&utm_source=PWNgames&http_referrer=&quer
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):380
                                                                                                                                                                                                          Entropy (8bit):5.210589711644473
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:YSAILzPl3DBDmVXceRIgc3LcE29xZWdHnOAb6AiWIoSN8mYDsbc3LcE29EsocKn:YSLrlNDmFBugO1wxYHnz6AVSN8mY4bOj
                                                                                                                                                                                                          MD5:371BDD2EF39E493D9A690A8ECB437FC0
                                                                                                                                                                                                          SHA1:C8F89D3CC3E9F314142760B13CC64590B9B29790
                                                                                                                                                                                                          SHA-256:0BEC803AE11F148385923B7CA7E10F87CDEB1651778E31D441CEDBFC1DE3436F
                                                                                                                                                                                                          SHA-512:DCF605BD8109EB0A09AC782884349867568C01AFE50685CFA7B44BD5C873BDF66075465299B7864C83FC388B56B6B277B7E0B8A46D356DE0EC65DCDDF0F259BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opgx5&utm_id=a30b944bd1474a509ade0914074524ec&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-2?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB5_3849%26utm_id=a30b944bd1474a509ade0914074524ec%26utm_content=3849_opgx5"}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):395
                                                                                                                                                                                                          Entropy (8bit):5.2475292602623975
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:YGKed2pHlUrlNDmFBugO1wxYHnz6AVSN8mY4bO1wPoVn:YdHHlUZNUu517Hu8L1l
                                                                                                                                                                                                          MD5:4C62D3D4FB5F9874C15237697B29B51A
                                                                                                                                                                                                          SHA1:39AF98DD994ED674E9C707A0031B7229FF9FB728
                                                                                                                                                                                                          SHA-256:01F231BD7AC2F4845B990813EF874058172801FE1B1ABADFF8118B949CB76D7D
                                                                                                                                                                                                          SHA-512:69ECB8E991571DFCA00B39E8B5827E4FD0B5447AC36F120A789C191FFCED62A4122CB6427403DD4E755C2C35BEB11CE07D24C8E616EE4C7661FD997974354A94
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{"country":"US","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opgx5&utm_id=a30b944bd1474a509ade0914074524ec&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-2?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB5_3849%26utm_id=a30b944bd1474a509ade0914074524ec%26utm_content=3849_opgx5"}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1499104
                                                                                                                                                                                                          Entropy (8bit):7.985603261747699
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                                          MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                          SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                                          SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                                          SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):242304
                                                                                                                                                                                                          Entropy (8bit):6.028776242997077
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:+lrEaq+nSpKS1d/ttUYD6W6Z2NrwYrVZCs0iUCabiKfAu/wX2OCy:cEe+1btUYOnkrPVZCCUCabNU
                                                                                                                                                                                                          MD5:8EEDA41CF4BB6900216E9A91E69BF857
                                                                                                                                                                                                          SHA1:858FD2E9F90A1A55C4A7B6DE5C1EEABC851749C1
                                                                                                                                                                                                          SHA-256:00CC54663583EE631FA4063B2AF65B89B3451C70435D8EAF9F8332B5CDE916E7
                                                                                                                                                                                                          SHA-512:EB08D29C0F317FE0B3214BBE56CDC3B6F9C0C6A4289FB6C459F6915C2E227B507E32B8763FFD28BDBA829DE7CACE4C3816346B30550410E9D09A2B637D921748
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:// oIafncyzxXIthD3yrr0ExADLGcSvJVUPhfm/Ps9IJWzBeVPqfctf2eq3cfSQou5ntqGt6gg7DLHaqxPUf7YMzjoasvVdoztX/1r0O8XKGUx89DnXb+9PZJe/CcnoP0KFiAxZlugvMS9+zaPR/MbZpGnOO7Ylzoxo0Y3WXqfWtpQ8jK9r4pMa23T1hW1X+kj1PKpTOpTZtsm2TtxQGPUXsMmvu/XJHkjGSVpTyFCVFrobvLd0XQPWe6oqLrvsNgPW9HJjbDWiR3cUL2kxGw8qsix5PK/KijbPVyf/tuIv2CYgca2qfUrmjNG5/Mx03+QaecavFhuVV4KaWFacYnatuQ==.{. "version": 41,. "partner_id": "std-2",. "user_agent": "std-2",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1499104
                                                                                                                                                                                                          Entropy (8bit):7.985603261747699
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                                          MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                          SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                                          SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                                          SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1853592
                                                                                                                                                                                                          Entropy (8bit):6.818631706824549
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:K9A2yB7Nxu6wdWob6zD0fnBa2M9SmWqRYv9XTQdg7VHUw9MqNTLTM7DbXTWs4HU+:cAF/wvfnJ1zRH/2qNvsD3W3HUTX4Ean
                                                                                                                                                                                                          MD5:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                                          SHA1:8DD93340E3D09DE993C3BC12DB82680A8E69D653
                                                                                                                                                                                                          SHA-256:AFE569CE9E4F71C23BA5F6E8FD32BE62AC9538E397CDE8F2ECBE46FAA721242A
                                                                                                                                                                                                          SHA-512:A04E6FD052D2D63A0737C83702C66A9AF834F9DF8423666508C42B3E1D8384300239C9DDACDC31C1E85140EB1193BCFAC209F218750B40342492FFCE6E9DA481
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3291288
                                                                                                                                                                                                          Entropy (8bit):6.8236015092223115
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:4qcHd9dChDBdG26666666666666666666666666666666x666666666666666fwW:4qcHZChfGcwMOlq
                                                                                                                                                                                                          MD5:28A21AFB4BDC543B4B0309BB78B8BA4A
                                                                                                                                                                                                          SHA1:AB6230C0E1C2C12FC5C9B7A60EA5ADEF99E7783B
                                                                                                                                                                                                          SHA-256:672AEB85A07EC1A25DBCF48B64D3BDE24DD0691C2BB27ED74A536776F63B5D27
                                                                                                                                                                                                          SHA-512:806A3466DD4DE9BFCA6B13C20E69985DECFB8FFE5A31F785D649DAB249064FC4EC1FBBA9DDAEFC634D6E7AA355FEF73F511357C748043E407F979B150C159CB7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):61
                                                                                                                                                                                                          Entropy (8bit):4.030896101301726
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:/WBElnLWqOXLNod5ylmvYKO:aElZOXL6+lmvYD
                                                                                                                                                                                                          MD5:2F070A8DDB1E4A5BC2137DBB2967E9A8
                                                                                                                                                                                                          SHA1:F9F38DA409C2D4DFCE3471CF6621B7B81B797BF5
                                                                                                                                                                                                          SHA-256:4C3722675F9E72C3ECE2A029DC8637CD8219CEB40B623D6DC75647314036AD3C
                                                                                                                                                                                                          SHA-512:52FCB7870637F46D156D2F210E119A52B5B5226B9AEDE66ACF51160FBA45310D865DC4CCE1BD8A82156C414175DE49A5DCB527CF9F635F925D3C5603872CDD7C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:assistant_installer.exe..browser_assistant.exe..mojo_core.dll
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):990360
                                                                                                                                                                                                          Entropy (8bit):6.751997627821156
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:A6o+8ckgAyVGC2a8KmvPvFRcYc5L8eJcnvkmXXXoQZB16mk:845W9rDMMZz6mk
                                                                                                                                                                                                          MD5:7913D58432695A0DD61EE6B472FBDE99
                                                                                                                                                                                                          SHA1:2F29F0B689539C03F16C1DB7DEBD216F8D71A110
                                                                                                                                                                                                          SHA-256:789E08420078F7EAFBE22A28CD657313829E52F9A5133FD20D894A0AADFC0CD1
                                                                                                                                                                                                          SHA-512:ECD2D61ED30F455746E7A70D719C9A10C85C861753BBBF9E478F6B5C6790465B1BE6951594222C5B5F5F7471E0A54EFEC8F66247F817E7AD97BB4E5839CC4326
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):39
                                                                                                                                                                                                          Entropy (8bit):3.830148693165749
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:mWaTtoKAtPNe:m3K/g
                                                                                                                                                                                                          MD5:FE7F046D773FC1DE764E1BE70614BF20
                                                                                                                                                                                                          SHA1:C2F16957953DEEB6DE1A12FA656AC84FCAA5B085
                                                                                                                                                                                                          SHA-256:3D87AD3D7001FBE5D65682BF1111A73C4A1BA68B34C604C6BDE77C5DD8ADCC8E
                                                                                                                                                                                                          SHA-512:405BC34A634007AF8159252D1E28AD3578BD6339C81B9DE97E022FD1420D0394488C09A36BD7E23BB38DF466AE2FA1B66420F97198DBD2099A161ABCDA121A03
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:resources/custom_partner_content.json..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):380
                                                                                                                                                                                                          Entropy (8bit):5.210589711644473
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:YSAILzPl3DBDmVXceRIgc3LcE29xZWdHnOAb6AiWIoSN8mYDsbc3LcE29EsocKn:YSLrlNDmFBugO1wxYHnz6AVSN8mY4bOj
                                                                                                                                                                                                          MD5:371BDD2EF39E493D9A690A8ECB437FC0
                                                                                                                                                                                                          SHA1:C8F89D3CC3E9F314142760B13CC64590B9B29790
                                                                                                                                                                                                          SHA-256:0BEC803AE11F148385923B7CA7E10F87CDEB1651778E31D441CEDBFC1DE3436F
                                                                                                                                                                                                          SHA-512:DCF605BD8109EB0A09AC782884349867568C01AFE50685CFA7B44BD5C873BDF66075465299B7864C83FC388B56B6B277B7E0B8A46D356DE0EC65DCDDF0F259BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opgx5&utm_id=a30b944bd1474a509ade0914074524ec&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-2?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB5_3849%26utm_id=a30b944bd1474a509ade0914074524ec%26utm_content=3849_opgx5"}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):380
                                                                                                                                                                                                          Entropy (8bit):5.210589711644473
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:YSAILzPl3DBDmVXceRIgc3LcE29xZWdHnOAb6AiWIoSN8mYDsbc3LcE29EsocKn:YSLrlNDmFBugO1wxYHnz6AVSN8mY4bOj
                                                                                                                                                                                                          MD5:371BDD2EF39E493D9A690A8ECB437FC0
                                                                                                                                                                                                          SHA1:C8F89D3CC3E9F314142760B13CC64590B9B29790
                                                                                                                                                                                                          SHA-256:0BEC803AE11F148385923B7CA7E10F87CDEB1651778E31D441CEDBFC1DE3436F
                                                                                                                                                                                                          SHA-512:DCF605BD8109EB0A09AC782884349867568C01AFE50685CFA7B44BD5C873BDF66075465299B7864C83FC388B56B6B277B7E0B8A46D356DE0EC65DCDDF0F259BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opgx5&utm_id=a30b944bd1474a509ade0914074524ec&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-2?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB5_3849%26utm_id=a30b944bd1474a509ade0914074524ec%26utm_content=3849_opgx5"}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):142521560
                                                                                                                                                                                                          Entropy (8bit):7.999975759014379
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:3145728:hIDKzMAN3dJtuKQ5jMQWmOpQQZl01EOF2GBE2Rpoa65Zc5EE:hIMXpde5A3/pQK9sFpI3lE
                                                                                                                                                                                                          MD5:68FB03C2804B75DDD43E83A098C698E5
                                                                                                                                                                                                          SHA1:C1190FA782F7C0ECA06676028ABF801D291527C8
                                                                                                                                                                                                          SHA-256:7FB69C7DA2937C4CC97B29E5322DB01F69E0632A933AF673DA84E14E8E68D141
                                                                                                                                                                                                          SHA-512:E1CBCFA179683415FB1BDDCA87A61E0D9E504BB465004CBC3F47A6A286563C9B9D293DFF81A1F73FBA2425F94C8139FE45A19AAE9A5F42DA60F28EB3F8DB4CD6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:99914B932BD37A50B983C5E7C90AE93B
                                                                                                                                                                                                          SHA1:BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
                                                                                                                                                                                                          SHA-256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
                                                                                                                                                                                                          SHA-512:27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):242304
                                                                                                                                                                                                          Entropy (8bit):6.028776242997077
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:8EEDA41CF4BB6900216E9A91E69BF857
                                                                                                                                                                                                          SHA1:858FD2E9F90A1A55C4A7B6DE5C1EEABC851749C1
                                                                                                                                                                                                          SHA-256:00CC54663583EE631FA4063B2AF65B89B3451C70435D8EAF9F8332B5CDE916E7
                                                                                                                                                                                                          SHA-512:EB08D29C0F317FE0B3214BBE56CDC3B6F9C0C6A4289FB6C459F6915C2E227B507E32B8763FFD28BDBA829DE7CACE4C3816346B30550410E9D09A2B637D921748
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:// oIafncyzxXIthD3yrr0ExADLGcSvJVUPhfm/Ps9IJWzBeVPqfctf2eq3cfSQou5ntqGt6gg7DLHaqxPUf7YMzjoasvVdoztX/1r0O8XKGUx89DnXb+9PZJe/CcnoP0KFiAxZlugvMS9+zaPR/MbZpGnOO7Ylzoxo0Y3WXqfWtpQ8jK9r4pMa23T1hW1X+kj1PKpTOpTZtsm2TtxQGPUXsMmvu/XJHkjGSVpTyFCVFrobvLd0XQPWe6oqLrvsNgPW9HJjbDWiR3cUL2kxGw8qsix5PK/KijbPVyf/tuIv2CYgca2qfUrmjNG5/Mx03+QaecavFhuVV4KaWFacYnatuQ==.{. "version": 41,. "partner_id": "std-2",. "user_agent": "std-2",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (904), with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):904
                                                                                                                                                                                                          Entropy (8bit):5.610612315079057
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B7BAAA97AD5A924DB1E1A0C2E9E70631
                                                                                                                                                                                                          SHA1:850202AE4B73F87A72F38739491191761964B7F0
                                                                                                                                                                                                          SHA-256:0BCF6EBF0F2BCB87D5B077B6B1171113114CD1F0227EB852B61EB95F6D990448
                                                                                                                                                                                                          SHA-512:D0C16C22037F9A767CD0AA3063A593B0FF11E41AF1023D54CC5D6C142301791EC1711629938B2A8334BDBA21661B2615CEBAFA8FDD4C3FD5612449910BA50243
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6731168
                                                                                                                                                                                                          Entropy (8bit):7.179773604335789
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          SHA1:578EA8B4BD0BBD32114BFD61910118C3D9CFC355
                                                                                                                                                                                                          SHA-256:8A82AE5C857123CC6972B93828F3A6202C0DB4D325EA6D5B1E36DCFB290C1E09
                                                                                                                                                                                                          SHA-512:23470D0AA5989132EFA1FCD4B1D183374384E3B75249910C08E22D2FEDF315F084028B7299D6F6C0A5230B2EC78179485D0F187D0A87F710D25F1EAC81939E47
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1849)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10105
                                                                                                                                                                                                          Entropy (8bit):5.808908186890119
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4A35B0980DB6D0AE7CA843B02DB3612F
                                                                                                                                                                                                          SHA1:52DF91C0598F5DE847C2CF1DDC4E3063A551560C
                                                                                                                                                                                                          SHA-256:AC5419B620EEF55C2865A951CD0667DF6014012D3E4A035FFCB76B8C1BF382BE
                                                                                                                                                                                                          SHA-512:921FB60987C7B8C649DBBBE6AD00C151315AD4298790699E0C5AEE8E8AA2DB535E5A31A64F4FBDFA71921163150FFB9AEAB0CEA72ECC8D7996AEC93EC3C742A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[0814/064048.262:INFO:installer_main.cc(475)] Opera GX installer starting - version 112.0.5197.60 Stable.[0814/064048.262:INFO:installer_main.cc(478)] Command line: "C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe" --silent --allusers=0 --server-tracking-blob=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
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1858)
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):5369
                                                                                                                                                                                                          Entropy (8bit):5.807782262846333
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:74D994DA664432B40D894C6552D7A2BF
                                                                                                                                                                                                          SHA1:A39293F24C243E6FDAA7ACCB5E88A7222D26BBEA
                                                                                                                                                                                                          SHA-256:ABF07CA7F0D09E10C559697848C55E27DD5AA83E57D0DE4385B6DF383211E7A6
                                                                                                                                                                                                          SHA-512:B067A3EA373629D0EA59F4F06E4520C2DD7C1F500882DF3D548D87CDF8EF8D39CC23C9078516FA2C440F8F58144A3C697D5A4CBBA606DBCA2ECA338BCFEC9EFC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[0814/064051.411:INFO:installer_main.cc(475)] Opera GX installer starting - version 112.0.5197.60 Stable.[0814/064051.411:INFO:installer_main.cc(478)] Command line: "C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3400 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814064049" --session-guid=c06817d1-070c-4c26-b314-8753fc88a392 --server-tracking-blob=MzA1MTY5MTM4N2JkZTQ5ZGEwNDgwODYwZDE3ZWRjYjU3ODFmMzVmMTQ0NTU2ZjhlNzI0OWZk
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6731168
                                                                                                                                                                                                          Entropy (8bit):7.179773604335789
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          SHA1:578EA8B4BD0BBD32114BFD61910118C3D9CFC355
                                                                                                                                                                                                          SHA-256:8A82AE5C857123CC6972B93828F3A6202C0DB4D325EA6D5B1E36DCFB290C1E09
                                                                                                                                                                                                          SHA-512:23470D0AA5989132EFA1FCD4B1D183374384E3B75249910C08E22D2FEDF315F084028B7299D6F6C0A5230B2EC78179485D0F187D0A87F710D25F1EAC81939E47
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....I.f.........."......P...8b..................@...........................f.......g...@.....................................P.........a...........f..)....f.d7...................................`...............................................text...8O.......P.................. ..`.rdata.......`.......T..............@..@.data....5...@......................@....tls.................L..............@....rsrc.....a.......a..N..............@..@.reloc..d7....f..8...Tf.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):249584
                                                                                                                                                                                                          Entropy (8bit):6.63879813441315
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D17C53DAA4B02748963E7902370840B7
                                                                                                                                                                                                          SHA1:45894EED92E9A61298BD4CBB323FE6B5FC05232A
                                                                                                                                                                                                          SHA-256:825C5B3704485508C16E01F0EA5AD6A806F42E1A23791A937DE7708DF448036A
                                                                                                                                                                                                          SHA-512:5D5C7085AC4AB0D88CC9474B4EEEF9E917980CBB22E13B68796BCCD8A70B005406116081BF872CB5948A3AE206A16CAF11DC2612384D10D36B0EB71CD5DF3B6C
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........M..]M..]M..].'.]F..].'.]..].'.]U..]...\_..]...\[..]...\O..]...\}..]D.}]L..]D.m]B..]M..]...]D.z]L..]...\@..]...]L..]M.i]O..]...\L..]RichM..]........................PE..L......f.........."......,...~...... ........@....@......................................@.......................................... ..............H....*..............p...................0........^..@............@......,........................text....*.......,.................. ..`.rdata......@.......0..............@..@.data...8...........................@....didat..P...........................@....rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3277888
                                                                                                                                                                                                          Entropy (8bit):7.960438190861444
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:CA696FF5944B0B4DC2786161F636E5D3
                                                                                                                                                                                                          SHA1:746C05B97BBEA3140B39459917675644ADA0CA5B
                                                                                                                                                                                                          SHA-256:91EE4ACAA2047F7865E4BC726AA36A1845A13F47B7A686B074F14ACD4F4E7261
                                                                                                                                                                                                          SHA-512:D512AC4080250737A25F73289D277B72DD7E45D0DDC263B4CA376105943084AB925483C3F4A6C651E072CE3B3FFCCEDE554020D73904107E39CEB8A646284782
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N....m...m...m..A....m..A....m...._m.....m.....m..A....m..A....m...m...m....\m....X..m...m0..m.....m..Rich.m..........PE..L....if...............'.....j....................@...................................2...@.................................H...d.......L0............1..,...@...1...C...............................C..@...............0............................text............................... ..`.rdata..z...........................@..@.data....K..........................@....rsrc...L0.......2..................@..@.reloc...1...@...2..................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13853648
                                                                                                                                                                                                          Entropy (8bit):7.995252036325378
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9882A328C8414274555845FA6B542D1E
                                                                                                                                                                                                          SHA1:AB4A97610B127D68C45311DEABFBCD8AA7066F4B
                                                                                                                                                                                                          SHA-256:510FC8C2112E2BC544FB29A72191EABCC68D3A5A7468D35D7694493BC8593A79
                                                                                                                                                                                                          SHA-512:C08D1AA7E6E6215A0CEE2793592B65668066C8C984B26675D2B8C09BC7FEE21411CB3C0A905EAEE7A48E7A47535FA777DE21EEB07C78BCA7BF3D7BB17192ACF2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p......!.....@..............................................;...........;..8(...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6204832
                                                                                                                                                                                                          Entropy (8bit):7.19676202349907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
                                                                                                                                                                                                          SHA1:B9C01FDDB3921B6F56D8D774EB0364F7024428E8
                                                                                                                                                                                                          SHA-256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
                                                                                                                                                                                                          SHA-512:E28EC73E1465591827F092B71AB740A8DE0B7FFCF5AF0B3E4C1C8BE37F16F1A87AE4FDFE23C25A305741A5AAF30FD2AAB77F55061EB729F0DC5E64AEF3DD6527
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....I.f.........."!.....@5..<).....0.&......................................P`....."._...@A.........................I=.m...|I=.......?.0.............^..)....^.......=.....................0.=.....8W5..............T=.4....H=.`....................text....?5......@5................. ..`.rdata...g...P5..h...D5.............@..@.data.........=..@....=.............@....rodata......p?.......=............. ..`.tls....].....?.......=.............@...CPADinfo0.....?.......=.............@...malloc_h......?.......=............. ..`.rsrc...0.....?.......=.............@..@.reloc........^.......\.............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6204832
                                                                                                                                                                                                          Entropy (8bit):7.19676202349907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
                                                                                                                                                                                                          SHA1:B9C01FDDB3921B6F56D8D774EB0364F7024428E8
                                                                                                                                                                                                          SHA-256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
                                                                                                                                                                                                          SHA-512:E28EC73E1465591827F092B71AB740A8DE0B7FFCF5AF0B3E4C1C8BE37F16F1A87AE4FDFE23C25A305741A5AAF30FD2AAB77F55061EB729F0DC5E64AEF3DD6527
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6204832
                                                                                                                                                                                                          Entropy (8bit):7.19676202349907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
                                                                                                                                                                                                          SHA1:B9C01FDDB3921B6F56D8D774EB0364F7024428E8
                                                                                                                                                                                                          SHA-256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
                                                                                                                                                                                                          SHA-512:E28EC73E1465591827F092B71AB740A8DE0B7FFCF5AF0B3E4C1C8BE37F16F1A87AE4FDFE23C25A305741A5AAF30FD2AAB77F55061EB729F0DC5E64AEF3DD6527
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6204832
                                                                                                                                                                                                          Entropy (8bit):7.19676202349907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
                                                                                                                                                                                                          SHA1:B9C01FDDB3921B6F56D8D774EB0364F7024428E8
                                                                                                                                                                                                          SHA-256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
                                                                                                                                                                                                          SHA-512:E28EC73E1465591827F092B71AB740A8DE0B7FFCF5AF0B3E4C1C8BE37F16F1A87AE4FDFE23C25A305741A5AAF30FD2AAB77F55061EB729F0DC5E64AEF3DD6527
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):244
                                                                                                                                                                                                          Entropy (8bit):5.030630439851034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:41453D60C26749EF776C8B0D1D23E4DB
                                                                                                                                                                                                          SHA1:25FBBBCB996FDD2C6A4B1148A5F5C7AA1576D968
                                                                                                                                                                                                          SHA-256:35483C21311336727D8862D027DD183D56962AF36EFD9D04FC15E1CF98342DA1
                                                                                                                                                                                                          SHA-512:7F8D5754DDF828BF29C8E135A089E85DF34B5C658D989BA21684761C281A5B56E3E385FFB3AF85583285701D8E323B923295B9F85FAEE29AE26855D133FA13AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[0814/064122.526:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --version.
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (321), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16359
                                                                                                                                                                                                          Entropy (8bit):5.5046800159898845
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:0A942950D3A4647053BE00885407FC2E
                                                                                                                                                                                                          SHA1:42A2744354EC892A893ED731BFCF3C786104E74A
                                                                                                                                                                                                          SHA-256:80CCDA7FEF7740A76F0677F0943C065488EDFF49B8D289A373ECA71A63D53327
                                                                                                                                                                                                          SHA-512:7B2695B4A0BF92A01B0AA9A74405B25D874B97BFB8580B165189C5D210EA0A6F5614A245424633068685F06F2137D8C59FAD779625350F19B0C8CD308F575DBB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[1E48:0E7C][2024-08-14T06:40:06]i001: Burn v3.10.4.4718, Windows v10.0 (Build 19042: Service Pack 0), path: C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe..[1E48:0E7C][2024-08-14T06:40:07]i009: Command Line: '-burn.clean.room=C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe -burn.filehandle.attached=524 -burn.filehandle.self=632 /quiet /norestart'..[1E48:0E7C][2024-08-14T06:40:07]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe'..[1E48:0E7C][2024-08-14T06:40:07]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Local\Temp\DriverHub\'..[1E48:0E7C][2024-08-14T06:40:07]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20240814064007.log'..[1E48:0E7C][2024-08-14T06:40:07]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015-2022 Redistributa
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):144900
                                                                                                                                                                                                          Entropy (8bit):3.823468403487442
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1EA6441908EF22B01B33CA4EC201D1A5
                                                                                                                                                                                                          SHA1:34F93209E3F3F3268F8178E63304346CE8AFB9BC
                                                                                                                                                                                                          SHA-256:71524891571D8F15CD7E0F6C6D2DD2CA6FFDE4BA4DB625F40C7579294C9405D1
                                                                                                                                                                                                          SHA-512:91F505AA8C8AE7EF85342D21032156BDDDACA43EDA71D49FCE01149A6D8FE0800C6BF2168D6ECDCB64564E4B62449374CDED6662C44662E8F03DF11017E5765C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:=== Verbose logging started: 14/08/2024  06:40:08  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe ===..MSI (c) (10:D0) [06:40:08:482]: Resetting cached policy values..MSI (c) (10:D0) [06:40:08:482]: Machine policy value 'Debug' is 0..MSI (c) (10:D0) [06:40:08:482]: ******* RunEngine:..           ******* Product: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntime
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (411), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):139880
                                                                                                                                                                                                          Entropy (8bit):3.8151499338430095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:17E2280864167B244A49977EE4D520CB
                                                                                                                                                                                                          SHA1:0471E2D489221720502D4C11A4D64C3CB620D0D1
                                                                                                                                                                                                          SHA-256:4411B04DE0521B3BD731A6CFFD17E119879DD91FAB8235E3356D434486908BC6
                                                                                                                                                                                                          SHA-512:9E14C45C9CAB4205E58C6D99E94F08CDD2FCF6028D0013B3C7D0FC5502723A211524D8B6E430CAACC7EF7926B6C1486B93F83F5E14225402B6F8CA26F49723CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:=== Verbose logging started: 14/08/2024  06:40:09  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe ===..MSI (c) (10:80) [06:40:09:560]: Resetting cached policy values..MSI (c) (10:80) [06:40:09:560]: Machine policy value 'Debug' is 0..MSI (c) (10:80) [06:40:09:560]: ******* RunEngine:..           ******* Product: C:\ProgramData\Package Cache\{9C19C103-7DB1-44D1-A039-2C076A633A38}v14.38.33135\packages\vcRuntime
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):3785
                                                                                                                                                                                                          Entropy (8bit):5.391460813384793
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:92143969C17C1E9C98DE79DD3457C6CF
                                                                                                                                                                                                          SHA1:A5F005BA37244BB8AC942D81980FA5FD5C4FDAE1
                                                                                                                                                                                                          SHA-256:3F5191C99E7D36BDD43F6C68A890D65771CF28B1D84E39F2460204E6C4726D7D
                                                                                                                                                                                                          SHA-512:607393A124D29765502BF7AF8CA16A5ED817C0111917011BFED3F90CA2495B6CCC38CDF2EE754047439BE98A05BC84A138E9BDC45E7DBE58C562533399EE2D2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[1D14:1078][2024-08-14T06:40:18]i001: Burn v3.10.4.4718, Windows v10.0 (Build 19042: Service Pack 0), path: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe..[1D14:1078][2024-08-14T06:40:18]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560'..[1D14:1078][2024-08-14T06:40:18]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20240814064018.log'..[1D14:1078][2024-08-14T06:40:18]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'..[1D14:0774][2024-08-14T06:40:18]i000: Setting version variable 'WixBundleFileVersion' to value '14.38.33135.0'..[1D14:1078][2024-08-14T06:40:18]i100: Detect begin, 10 packages..[1D14:1078][2024-08-14T06:40:18]i000: Setting version variable 'windows_uCRT_DetectKey' to value '10.0.19041.789'..[1D14:1078][2024-0
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18415
                                                                                                                                                                                                          Entropy (8bit):4.043868285184243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:2B063D92663595DFE4781AE687A03D86
                                                                                                                                                                                                          SHA1:0FB582E756DBC751EA380593AC4DA27DDB4EBB06
                                                                                                                                                                                                          SHA-256:44C76290F7A2E45940E8338912FEB49BCF4E071CFA85D2D34762857743ACBC8D
                                                                                                                                                                                                          SHA-512:94C8FDA6173C7F5740F206190EDCD1F1F1C309596B710D400E23CD363A619D707A5D4576D4FE63AB7CB68947F009EFD29A1FBE04743A294698BF2AE17E92C214
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 \f1\'88\'cc\'d0\'d0\'eb\'41\'b6\'ce\f0 \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fc\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a1\'a3\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2980
                                                                                                                                                                                                          Entropy (8bit):6.163758160900388
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                                                                                                                                                          SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                                                                                                                                                          SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                                                                                                                                                          SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13234
                                                                                                                                                                                                          Entropy (8bit):5.125368352290407
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:E7DC9CA9474A13FA4529D91BCD2AB8CC
                                                                                                                                                                                                          SHA1:511F5DE8A99C09EC3766C5E2494A79EACCA261C8
                                                                                                                                                                                                          SHA-256:503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE
                                                                                                                                                                                                          SHA-512:77108E53CD58E42F847D8EF23A07723C4849DC41DBE1C3EF939B9170E75F525BEC9D210D6C1FBFEB330ECE2E77B8A8E2808730D9E6F72F5B3FE626D58B6068C6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z jej\f0\'edch afilac\'ed, v\~z\'e1vislosti na tom, kde bydl\'edte) a v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3333
                                                                                                                                                                                                          Entropy (8bit):5.370651462060085
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:16343005D29EC431891B02F048C7F581
                                                                                                                                                                                                          SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                                                                                                                                                          SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                                                                                                                                                          SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12392
                                                                                                                                                                                                          Entropy (8bit):5.192979871787938
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:2DDCA2866D76C850F68ACDFDB696D6DE
                                                                                                                                                                                                          SHA1:C5076F10B0F0654CDE2C990DEEB2772F3CC4844B
                                                                                                                                                                                                          SHA-256:28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
                                                                                                                                                                                                          SHA-512:E3A3693B92873E0B42007616FF6916304EDC5C4F2EEE3E9276F87E86DD94C2BF6E1CF4E895CDF9A1AA0CAC0B381B8840EEE1F491123E901DEE75638B8BC5CE1B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil Tahoma;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBEDINGUNGEN\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Diese Lizenzbestimmungen stellen eine Vereinbarung zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem ihrer Affiliate-Partner) dar. Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dcGEN SIE \'dcBER DIE NACHFOLGEND AUFGEF\'dcHRTEN RECHTE.\par....\pard{\pntext\f3\'B7\tab}{\*\pn\pnlvlblt\pnf3\pnindent360{\pntxtb\'B7}}\
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3379
                                                                                                                                                                                                          Entropy (8bit):5.094097800535488
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:561F3F32DB2453647D1992D4D932E872
                                                                                                                                                                                                          SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                                                                                                                                                          SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                                                                                                                                                          SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12349
                                                                                                                                                                                                          Entropy (8bit):5.108676965693909
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:A6E352E5804313CCDE3E4D5DDDDE122D
                                                                                                                                                                                                          SHA1:834E3AAA07DC675589A9E5FCD23CE5586C2739E8
                                                                                                                                                                                                          SHA-256:5C13A65870D770D1642A4259EECB436257CA39016A0500F747BE9C79BE0C7009
                                                                                                                                                                                                          SHA-512:6578AC6467F61930BC1B20E404441725C63790C65AEC1ACE297429EAD15F50E68D5FE9CC1451AC86AE23DC1A7FE967650166293010D687785FB81FB4492B87C4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil\fcharset177 Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\ltrpar\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Les pr\'e9sentes conditions de licence constituent un contrat entre Microsoft Corporation (ou en fonction de votre lieu de r\'e9sidence, l\f1\rquote\f0 un de ses affili\'e9s) et vous. Ils s\f1\rquote\f0 appliquent au logiciel vis\'e9 ci-dessus. Les termes s\f1\rquote\f0 appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\f1\rquote\f0 autres termes n\f1\rquote\f0 accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT D
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3366
                                                                                                                                                                                                          Entropy (8bit):5.0912204406356905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                                                                                                                                                          SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                                                                                                                                                          SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                                                                                                                                                          SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11440
                                                                                                                                                                                                          Entropy (8bit):5.037988271709582
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BC58AD6ABB16B982AEBADC121B37E706
                                                                                                                                                                                                          SHA1:25E3E4127A643DB5DB2A0B62B02DE871359FAE42
                                                                                                                                                                                                          SHA-256:70ECF23C03B66A2B18E173332586AFA8F00F91E02A80628F4F9CB2521E27F6AC
                                                                                                                                                                                                          SHA-512:8340452CB5E196CB1D5DA6DBB3FA8872E519D7903A05331055370B4850D912674F0B6AF3D6E4F94248FE8135EB378EB36969821D711FE1624A04AF13BBE55D70
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..RUNTIME MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario. Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, tranne se accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3319
                                                                                                                                                                                                          Entropy (8bit):5.019774955491369
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D90BC60FA15299925986A52861B8E5D5
                                                                                                                                                                                                          SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                                                                                                                                                          SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                                                                                                                                                          SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30228
                                                                                                                                                                                                          Entropy (8bit):3.785116198512527
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:47C315C54B6F2078875119FA7A718499
                                                                                                                                                                                                          SHA1:F650DDB5DF2AF2EE7555C410D034B37B9DFD055B
                                                                                                                                                                                                          SHA-256:C3061A334BFD5F02B7085F8F454D5D3D97D477AF14BAB497BF31A7887BC90C5B
                                                                                                                                                                                                          SHA-512:A0E4B0FCCCFDD93BAF133C2080403E8719E4A6984237F751BD883C0D3C52D818EFD00F8BA7726A2F645F66286305599403470F14D39EEDC526DDE59228A5F261
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3959
                                                                                                                                                                                                          Entropy (8bit):5.955167044943003
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                                                                                                                                                          SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                                                                                                                                                          SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                                                                                                                                                          SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28393
                                                                                                                                                                                                          Entropy (8bit):3.874126830110936
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:641D926354F001034CF3F2F3B0FF33DC
                                                                                                                                                                                                          SHA1:5505107FFF6CF279769A82510276F61EA18637AE
                                                                                                                                                                                                          SHA-256:3D4E9C165CBEAB829D608106F0E96450F839FFA8ADBD755F0B51867E89DA2AE0
                                                                                                                                                                                                          SHA-512:B0339664434B096ABC26D600F7657919EF3689B4E0FDFD4EDD8E479859A51EF51BE8F05FA43E25567FFD6C1C2BCC6EF0D7A857B6D666D264C7783BAD3A383D0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3249
                                                                                                                                                                                                          Entropy (8bit):5.985100495461761
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B3399648C2F30930487F20B50378CEC1
                                                                                                                                                                                                          SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                                                                                                                                                          SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                                                                                                                                                          SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13352
                                                                                                                                                                                                          Entropy (8bit):5.359561719031494
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:F140FD8CA2C63A861D04310257C1B1DB
                                                                                                                                                                                                          SHA1:7BF7EF763A1F80ECACA692908F8F0790A88C3CA1
                                                                                                                                                                                                          SHA-256:6F94A99072061012C5626A6DD069809EC841D6E3102B48394D522A0C2E3AA2B5
                                                                                                                                                                                                          SHA-512:A0BD65AF13CC11E41E5021DF0399E5D21B340EF6C9BBE9B1B56A1766F609CEB031F550A7A0439264B10D67A76A6403E41ABA49B3C9E347CAEDFE9AF0C5BE1EE6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3212
                                                                                                                                                                                                          Entropy (8bit):5.268378763359481
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                                                                                                                                                          SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                                                                                                                                                          SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                                                                                                                                                          SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10956
                                                                                                                                                                                                          Entropy (8bit):5.086757849952268
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9A8D2ACF07F3C01E5CBC461AB932D85B
                                                                                                                                                                                                          SHA1:8781A298DCC14C18C6F6DB58B64F50B2FC6E338E
                                                                                                                                                                                                          SHA-256:27891EEC899BE859E3B4D3B29247FC6B535D7E836DEF0329111C48741EC6E701
                                                                                                                                                                                                          SHA-512:A60262A0C18E3BEF7C6D52F242153EBE891F676ED639F2DACFEBBAC86E70EEBF58AA95A7FE1A16E15A553C1BD3ECACCD8677EB9D2761CB79CB9A342C9B4252E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3095
                                                                                                                                                                                                          Entropy (8bit):5.150868216959352
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                                                                                                                                                          SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                                                                                                                                                          SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                                                                                                                                                          SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31981
                                                                                                                                                                                                          Entropy (8bit):3.6408688850128446
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:62229BE4447C349DF353C5D56372D64B
                                                                                                                                                                                                          SHA1:989799ED24913A0E6AE2546EE2A9A8D556E1CB3B
                                                                                                                                                                                                          SHA-256:1BB3FB55B8A13FA3BAFFFE72F5B1ED8B57A63BD4D8654BB6DC5B9011CE803B44
                                                                                                                                                                                                          SHA-512:FA366328C3FD4F683FDB1C5A64F5D554DE79620331086E8B4CCC2BFC2595B1FDED02CEC8AA982FCD8B13CC175D222AF2D7E2CD1A33B52F36AFD692B533FDBF13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4150
                                                                                                                                                                                                          Entropy (8bit):5.444436038992627
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:17C652452E5EE930A7F1E5E312C17324
                                                                                                                                                                                                          SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                                                                                                                                                          SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                                                                                                                                                          SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13807
                                                                                                                                                                                                          Entropy (8bit):5.2077828423114045
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9625F3A496DBF5E3E0D2F33D417EDBBF
                                                                                                                                                                                                          SHA1:119376730428812A31B70D58C873866D5307A775
                                                                                                                                                                                                          SHA-256:F80926604E503697247353F56856B31DE0B3FC1319F1C94068363952549CC9B1
                                                                                                                                                                                                          SHA-512:DB91A14FC27E3A62324E024DD44E3B5548AF7E1C021201C3D851BD2F32537885AACFC64ADAE619BAC31B60229D1D5FC653F5301CD7187C69BD0ACECCE817D6A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3221
                                                                                                                                                                                                          Entropy (8bit):5.280530692056262
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                                                                                                                                                          SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                                                                                                                                                          SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                                                                                                                                                          SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18214
                                                                                                                                                                                                          Entropy (8bit):3.9837154113926356
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:D083C7E300928A0C5AEA5ECBD1653836
                                                                                                                                                                                                          SHA1:08F4F1F9F7DFA593BE3977515635967CE7A99E7A
                                                                                                                                                                                                          SHA-256:A808B4933CE3B3E0893504DBEF43EBF90B8B567F94BD6481B6315ED9141E1B11
                                                                                                                                                                                                          SHA-512:8CB3FFAD879BABA36137B7A21B62D9D6C530693F5E16FBB975F3E7C20F1DB5A686F3A6EE406D69B018AA494E4CD185F71B369A378AE3289B8080105157E63FD0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 Microsoft \f1\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0\f1\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\f0 Microsoft Corporation\f1\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\f0 Microsoft \f1\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'ca\'ca\'d3\'c3\'d3\'da\'c9\'cf\'ca\'f6\'c8\'ed\'bc\'fe\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'d2\'b2\'ca\'ca\'d3\'c3\'d3\'da\'d5\'eb\'b6\'d4\'b8\'c3\'c8\'ed\'bc\'fe\'b5\'c4\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'ce\'f1\'bb\'f2\'b8\'fc\'d0\'c2\'a3\'ac\'
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2978
                                                                                                                                                                                                          Entropy (8bit):6.135205733555905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:3D1E15DEEACE801322E222969A574F17
                                                                                                                                                                                                          SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                                                                                                                                                          SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                                                                                                                                                          SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10825
                                                                                                                                                                                                          Entropy (8bit):5.1113252296046126
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:873A413D23F830D3E87DAB3B94153E08
                                                                                                                                                                                                          SHA1:24CFC24F22CEF89818718A86F55F27606EB42668
                                                                                                                                                                                                          SHA-256:ABC11BB2B04DFF6AFE2D4D4F40D95A7D62E5AF352928AF90DAA3DADE58DD59BD
                                                                                                                                                                                                          SHA-512:DC1ECCB5CC4D3047401E2BC31F5EB3E21C7881C02744A2E63C10D3C911D1158DCFAC023988E873C33DC381C989304FE1D3CB27ED99D7801285C4C378553CD821
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Los t\'e9rminos de esta licencia son un contrato entre Microsoft Corporation (o, en funci\'f3n de donde viva, una de las sociedades del grupo) y usted. Se aplican al software mencionado anteriormente. Los t\'e9rminos tambi\'e9n se aplican a los servicios o actualizaciones de software de Microsoft, excepto en la medida en que sus t\'e9rminos sean diferentes.\par..\b SI USTED CUMPLE LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE A CONTINUACI\'d3N SE DESCRIBEN.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb1
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3265
                                                                                                                                                                                                          Entropy (8bit):5.0491645049584655
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                                                                                                                                                          SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                                                                                                                                                          SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                                                                                                                                                          SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (558), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12906
                                                                                                                                                                                                          Entropy (8bit):3.7237107259370177
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:055DD6CC2667D43E89368B6672E378C9
                                                                                                                                                                                                          SHA1:E4278D0440C2069F11735EE0AEECD9B576CB010C
                                                                                                                                                                                                          SHA-256:88EFFBF5C9EEB280C03FC8E39FDD685F91F0B95842F36FDE55DB5B759C35D68D
                                                                                                                                                                                                          SHA-512:1084EAC05F0931A7C6CA95A9AF44DE7E591DF17367AB58871B80D9C52E7208596B27F203C30EAF42DDD1913B4DC927B969CBE798CA4BA46D383A3DC427C7EB01
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="VersionNT &gt;= v6.1" Message="[WixBundleName] can only be installed on Windows 7 and newer platforms." />..  <WixBundleProperties DisplayName="Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135" LogPathVariable="WixBundleLog" Compressed="yes" Id="{46c3b171-c15c-4137-8e1d-67eeb2985b44}" UpgradeCode="{F899B
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9235
                                                                                                                                                                                                          Entropy (8bit):5.167332119309966
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:04B33F0A9081C10E85D0E495A1294F83
                                                                                                                                                                                                          SHA1:1EFE2FB2D014A731B752672745F9FFECDD716412
                                                                                                                                                                                                          SHA-256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
                                                                                                                                                                                                          SHA-512:D1DBED00DF921169DD61501E2A3E95E6D7807348B188BE9DD8FC63423501E4D848ECE19AC466C3CACFCCC6084E0EB2F457DC957990F6F511DF10FD426E432685
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\f
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1861
                                                                                                                                                                                                          Entropy (8bit):6.868587546770907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:D6BD210F227442B3362493D046CEA233
                                                                                                                                                                                                          SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                                                                                                                                                          SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                                                                                                                                                          SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2952
                                                                                                                                                                                                          Entropy (8bit):5.052095286906672
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                                                                                                                                                          SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                                                                                                                                                          SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                                                                                                                                                          SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8332
                                                                                                                                                                                                          Entropy (8bit):5.184632608060528
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:F62729C6D2540015E072514226C121C7
                                                                                                                                                                                                          SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                                                                                                                                                          SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                                                                                                                                                          SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                                                                                                                                                          Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):195600
                                                                                                                                                                                                          Entropy (8bit):6.682530937585544
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                                                                                                                                                          SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                                                                                                                                                          SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                                                                                                                                                          SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):792
                                                                                                                                                                                                          Entropy (8bit):3.362627261752087
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1DA928D27E95B9AEBAF8AA599DB28BCF
                                                                                                                                                                                                          SHA1:188CAFD6ADAF00F81447760CEBC28EB5A344C44B
                                                                                                                                                                                                          SHA-256:94055CBCE5DA9AB43FD204F968D98D71A503C0784BE5D517C318A573F5BF6664
                                                                                                                                                                                                          SHA-512:827237531A593A1DA4CF83AAA969BE74D04299394EBD30D2C52FBAC73C2F5A3BA6CECD0F105C7FBB50784735A83CFDF900E1BFD0416A94A318C916754DA16B08
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:..............u.u.i.d........L.{.8.6.3.7.f.9.8.d.-.0.4.5.a.-.4.9.d.9.-.b.3.7.c.-.f.1.5.3.d.0.5.6.e.1.3.7.}... .s.e.t.t.i.n.g.s./.h.i.s.t.o.r.y.........DownloadedDriversHistory........,.s.e.t.t.i.n.g.s./.b.a.c.k.u.p.h.i.s.t.o.r.y.........BackupInfoHistory........0.l.a.s.t.R.e.c.o.m.m.e.n.d.e.d.T.a.b.U.p.d.a.t.e..........%=.........*.l.a.s.t.P.o.p.u.l.a.r.s.T.a.b.U.p.d.a.t.e..........%=...........l.a.n.g..........e.n...2.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.s.e.r.v.e.r............8.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.r.o.x.y.T.y.p.e..............c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.o.r.t............6.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.a.s.s.w.o.r.d............0.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.l.o.g.i.n..............a.p.p.V.e.r.s.i.o.n..........1...3...1.2...1.6.7.9
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):62
                                                                                                                                                                                                          Entropy (8bit):4.259138505067507
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:C5B41F19EE6DD670291B1CE71A7F62D8
                                                                                                                                                                                                          SHA1:8174681F0C979B3E027E4F7780CBD01BD4C9A6D9
                                                                                                                                                                                                          SHA-256:7822922D4AEC9D821EEB04FCF5645AF0C15FF2C40F0CDF6926C3062D86825FF2
                                                                                                                                                                                                          SHA-512:65F9B4D07C072136CE9A33C47A21C8AF47637E5F087011CF9D97EA8FD36A3F4E2A5CEBB7BDC121ED2EDD90C3085B27129991E8B4808DDA8A8D7E338D649F17B8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:4748.DriverHub.computer.11389406-0377-47ed-98c7-d564e683c6eb..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Aug 14 09:39:52 2024, mtime=Wed Aug 14 09:40:00 2024, atime=Wed Aug 14 09:39:52 2024, length=7722672, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2082
                                                                                                                                                                                                          Entropy (8bit):3.3946904586737423
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:0B61421FC2BBF9CFD4BB1D297501B113
                                                                                                                                                                                                          SHA1:A087C7C3201AEB88BA8F9D6DB4B34AF52B726822
                                                                                                                                                                                                          SHA-256:17A641B98CFADB078E1AEF10B0EC0927A5A18F09C53D727840E58F65F9FD87CF
                                                                                                                                                                                                          SHA-512:BC7553F0EC2230061CD1EAE0E13EE42039C73B1EC92C259A6922A32EA92B742D56AA19D24149B25701AC8CCE2D33BD12C6BBD29DD1EF1C1B19EB9949964C8050
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:L..................F.@.. ...O).K6....e.P6....:.K6.....u..........................P.O. .:i.....+00.../C:\.....................1......Y.T..PROGRA~2.........O.I.Y.T.... t..............V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1......Y.U..DRIVER~1..D.......Y.T.Y.U.....Z....&................-..D.r.i.v.e.r.H.u.b.....h.2...u..Y.T .DRIVER~1.EXE..L.......Y.T.Y.T....qj.....................~..D.r.i.v.e.r.H.u.b...e.x.e.......]...............-.......\...........h..}.....C:\Program Files (x86)\DriverHub\DriverHub.exe..&.A.u.t.o.m.a.t.i.c.a.l.l.y. .f.i.n.d. .a.n.d. .i.n.s.t.a.l.l. .d.r.i.v.e.r.s.C.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r.H.u.b.\.D.r.i.v.e.r.H.u.b...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r.H.u.b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r.H.u.b.\.D.r.i.v.e.r.H.u.b...e.x.e.........%ProgramFiles%\DriverHub\DriverHub.exe..............
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                          Entropy (8bit):3.3454618442383204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:C8822E1761F3EB4B8E97C66A4DFEC3B5
                                                                                                                                                                                                          SHA1:D730191F18240C9C0B35B114BD204DE95252640F
                                                                                                                                                                                                          SHA-256:8D7CEED4D419F1EEED1D916CEA14B630633E71BF68648A852A72D72358B2966A
                                                                                                                                                                                                          SHA-512:EB3FB8A3A466B9424299A4251E50636EA6529D017F51BEE6C71D17ADC582F4134F3EA62103CD5BCFFF5E2A73D54CF34D88C9D0E78951C1EED7C9B1A574B1D56B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:sdPC....................Y^5o.ODD.R...y.P
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):220
                                                                                                                                                                                                          Entropy (8bit):2.880915849721718
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:EAABF12583363A451ADD86042735A034
                                                                                                                                                                                                          SHA1:6F091C41FBCC0DFAFA532C048E09A7B2A785922F
                                                                                                                                                                                                          SHA-256:C3922207C8C01D54C032DC40746E170BAA511D8B6DA912D97CF88F054F0D88D4
                                                                                                                                                                                                          SHA-512:0925FB5A4DF3D4B4EAD502F3E061EAF6ED8FFD954238C4A81E1495C2965764BEFFA3B859C6BB4BDEAF99FBEC2A2CE108AFCB8934AB4CACD42A104EE7014B2175
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:..............w.i.d.t.h..............s.i.d.e.b.a.r.W.i.d.t.h.....@T...........s.i.d.e.b.a.r.V.i.s.i.b.l.e...........s.i.d.e.b.a.r.S.p.l.i.t.....@V.33334.....h.e.i.g.h.t..............f.a.v.o.r.i.t.e.F.o.l.d.e.r.s.........
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):62
                                                                                                                                                                                                          Entropy (8bit):4.259138505067507
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:C5B41F19EE6DD670291B1CE71A7F62D8
                                                                                                                                                                                                          SHA1:8174681F0C979B3E027E4F7780CBD01BD4C9A6D9
                                                                                                                                                                                                          SHA-256:7822922D4AEC9D821EEB04FCF5645AF0C15FF2C40F0CDF6926C3062D86825FF2
                                                                                                                                                                                                          SHA-512:65F9B4D07C072136CE9A33C47A21C8AF47637E5F087011CF9D97EA8FD36A3F4E2A5CEBB7BDC121ED2EDD90C3085B27129991E8B4808DDA8A8D7E338D649F17B8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:4748.DriverHub.computer.11389406-0377-47ed-98c7-d564e683c6eb..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):220
                                                                                                                                                                                                          Entropy (8bit):2.880915849721718
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:EAABF12583363A451ADD86042735A034
                                                                                                                                                                                                          SHA1:6F091C41FBCC0DFAFA532C048E09A7B2A785922F
                                                                                                                                                                                                          SHA-256:C3922207C8C01D54C032DC40746E170BAA511D8B6DA912D97CF88F054F0D88D4
                                                                                                                                                                                                          SHA-512:0925FB5A4DF3D4B4EAD502F3E061EAF6ED8FFD954238C4A81E1495C2965764BEFFA3B859C6BB4BDEAF99FBEC2A2CE108AFCB8934AB4CACD42A104EE7014B2175
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:..............w.i.d.t.h..............s.i.d.e.b.a.r.W.i.d.t.h.....@T...........s.i.d.e.b.a.r.V.i.s.i.b.l.e...........s.i.d.e.b.a.r.S.p.l.i.t.....@V.33334.....h.e.i.g.h.t..............f.a.v.o.r.i.t.e.F.o.l.d.e.r.s.........
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.37750026266588
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                                                                                                                          SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                                                                                                                          SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                                                                                                                          SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.37750026266588
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                                                                                                                          SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                                                                                                                          SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                                                                                                                          SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.383378429526644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                                                                                                                          SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                                                                                                                          SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                                                                                                                          SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.383378429526644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                                                                                                                          SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                                                                                                                          SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                                                                                                                          SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9339
                                                                                                                                                                                                          Entropy (8bit):5.671175972425265
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A55B6B8F2461CE359FF7A98B985ED9DC
                                                                                                                                                                                                          SHA1:2D5230CDF94D5CF51B4E8645B23D42B1ED3D259E
                                                                                                                                                                                                          SHA-256:C1E9A1E02BE6EE3C27298F9246DCD634999FD427056F9DF9CC3BC87D150A7905
                                                                                                                                                                                                          SHA-512:751EE09FF8629EF6C2D14C7234177E09BC93A821EB5CCFDF544DD2E138240A475BF924278B27FA4B4279681E07C387B3E304CD22C30AD03FEE30CDE637658760
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...@IXOS.@.....@.5.Y.@.....@.....@.....@.....@.....@......&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7};.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135..vc_runtimeMinimum_x86.msi.@.....@o.&..@.....@........&.{83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X86\Version.@.......@.....@.....@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}$.C:\Windows\SysWOW64\vcruntime140.dll.@.......@.....@.....@......&.{F4F89385-AC80-4040-ADA6-06D37B69832E},.C:\Windows\SysWOW64\vcruntime140_threads.dll.@.......@.....@.....@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3} .C:\Windows\SysWOW64\msvcp140.dll.@.......@.....
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9096
                                                                                                                                                                                                          Entropy (8bit):5.651247395380705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4624BB8D5AAD360E669D832036785427
                                                                                                                                                                                                          SHA1:95032F1FC3F7553370F74FA6A3AA125D076C433F
                                                                                                                                                                                                          SHA-256:DF1E15DA24DCA9CCAF63AEFB210AC09F8779EC4F66D5069A2C8F16271A452F2E
                                                                                                                                                                                                          SHA-512:492FD22A89F69E94B9194032ACF03AED049000A39BCA8720BEB6FE59023B287B4F9B08ABBE3CE732A3EB71AB0CF0152AB4CD558A25192D4A7D86D63FC55B5357
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...@IXOS.@.....@.5.Y.@.....@.....@.....@.....@.....@......&.{9C19C103-7DB1-44D1-A039-2C076A633A38}>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135..vc_runtimeAdditional_x86.msi.@.....@o.&..@.....@........&.{29E9ACD5-6C1B-48C9-A316-358656F83B42}.....@.....@.....@.....@.......@.....@.....@.......@....>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X86\Version.@.......@.....@.....@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}..C:\Windows\SysWOW64\mfc140.dll.@.......@.....@.....@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}..C:\Windows\SysWOW64\mfc140u.dll.@.......@.....@.....@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}..C:\Windows\SysWOW64\mfcm140.dll.@.......@.....@.....@....
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.2077827625271635
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:8777896352CFB3570AEEE7909D012063
                                                                                                                                                                                                          SHA1:C28BC6FDF86B225B1B4FFDB3450B562A2A166901
                                                                                                                                                                                                          SHA-256:359D41E2B1B135620D2B5891E694DDD2BE7C6A3F2F979555E8D89F6C02E7F186
                                                                                                                                                                                                          SHA-512:D4714ADF403C71B488DEC1EAC2D81F59803DBA18073878F589F5EA1921711AFA92E8DCD4ABC7B44159166908B094C9661BFA5F82846BD219CFE74EC04E4CE970
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.208617209586671
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3A18434DD6EF728EDCBB87AB33EEE654
                                                                                                                                                                                                          SHA1:DD656BDE7B24C4A9F31B08D7AEA5DAAE37B73BA8
                                                                                                                                                                                                          SHA-256:869CC14DB031C8362D6C0F218AA41F9A440C7C68E8A6EBAA38B7F2BEBFEB46E1
                                                                                                                                                                                                          SHA-512:7967C38DBB896AAACA2B3FADCDEE6F8B8C55EF8C24F78E5693AD4006F48D7F82B6F98C8E474AF8528BD15D338A154F60F82F87A09023425D86EC5C64825CB697
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.5315712556143517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:26CEF42446593D466AB69CE0241B639D
                                                                                                                                                                                                          SHA1:84DDB07D4CBE7F8BA79610D9C7BAC8ECDD2B7A16
                                                                                                                                                                                                          SHA-256:B3CD2DC0FB7EBDE65E9F102FE5912DE0AD953E2DE27C4E7CB3A54E083820F4CD
                                                                                                                                                                                                          SHA-512:55B92CEA2A51C1EEFDAD5C36B1CACFC5C33FFB8D4CC86305814A3F98AB7426CC9FB6494AD2FE83045681D0E7B3EFB8A735D47FABF7DFAE169964D2B2E4E185C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1015442
                                                                                                                                                                                                          Entropy (8bit):5.410227313173472
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1D48BA6F2E69CBBE823D9A9F5FD414EA
                                                                                                                                                                                                          SHA1:E027C3B134CB087CF6E1DD770ED82457762C73C1
                                                                                                                                                                                                          SHA-256:9EB6D37CC91A881771DE992B9C8875BDB69119D43F2B25293D2C726F09A779E5
                                                                                                                                                                                                          SHA-512:40E25809FE13163ABDBEB8AAA1D61912D01B29F41B67077C34AEDA2684F9EB4BC115EBF6DA6ED248AC5FFA57719BFA38348D0423AB2B9C6BAF2D5BB6E17E8427
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 09:59:37.236 [4684]: Command line: D:\wd\compilerTemp\BMT.i51yo0aa.beh\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 09:59:37.255 [4684]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 09:59:37.299 [4684]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 09:59:37.299 [4684]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 09:59:37.299 [
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):257616
                                                                                                                                                                                                          Entropy (8bit):6.701518252422076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3D0EA6BA3551AEC4717AB2827319A741
                                                                                                                                                                                                          SHA1:E1273BA1B3D6CDBF93C99B115EF8ACCD84568718
                                                                                                                                                                                                          SHA-256:1573721C06F70D779F5AEBA175C039202069DA15D8526C3CE0C19B8C7FA985B1
                                                                                                                                                                                                          SHA-512:BADE3D768BF435C0ADD77BA377866A59146D22E102932FBEAB08FC10B27B9F5BCC5375ED26EE48847FB57649D706FF2AD6192895780C6924E34CAA7FCCA3514A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4841880
                                                                                                                                                                                                          Entropy (8bit):7.037865881588186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:968006878A0703C6D528C315AAA64E92
                                                                                                                                                                                                          SHA1:EDCC9FBA54F81ABB6162C6FEC2A56AE0472EDF68
                                                                                                                                                                                                          SHA-256:20F9A3BDBE5981EE42E2665623BFE342BFAC18BA7209E889ABDA2FE88AD7EC3D
                                                                                                                                                                                                          SHA-512:961D49A5529F833A03FC3A117EE4379D9AD8F17C2780A42796D9C775577CA31A5CFD4E66C0FDDE6DA3E41AF0E0B2DB655ADAB32E5041107EE31F169FF1C45CFB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):51280
                                                                                                                                                                                                          Entropy (8bit):6.318544681380016
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:FB70AD75D602984A07427BB47DF41DFA
                                                                                                                                                                                                          SHA1:38AFD8EA3364670FFA148E8FA0A886D882806B22
                                                                                                                                                                                                          SHA-256:0138CC6A774EAB4AA3745F35F8C1551691892F5C39D9DCFF287B65B02715F74D
                                                                                                                                                                                                          SHA-512:15DC82046276766B1E10B237254184583A37676C4A526123E1D7CB6390A95CD0EC3469FDB4093F16C8676B0EE4876FE41C61D6B67B67C70EF9C2D85B8468AF0A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):51280
                                                                                                                                                                                                          Entropy (8bit):6.351909249754834
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:074D25DA33A285E836E57B3AD5E9BE03
                                                                                                                                                                                                          SHA1:9AC12AD02F6EB317EB2C1C5538E6A738F573026E
                                                                                                                                                                                                          SHA-256:85B4BEE99F4214F67230AF2A2E456F0F07C22791468F488D6FDCBE6FE168E1AB
                                                                                                                                                                                                          SHA-512:1EE9467379AA7074F1F9B14B44A739E50C650DF79EF17B76F4467A56A3D6A2AD2BE224EDE16331895B047EDE102DEB4E4F3D4A4DCB10A215C47F8D5362B492B8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):79840
                                                                                                                                                                                                          Entropy (8bit):4.98555855763647
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:AF28BE398C058FF622DFBDFB0925DFB4
                                                                                                                                                                                                          SHA1:E92A9588DF07463A4D1E9AB72AC5FE7D4A12B139
                                                                                                                                                                                                          SHA-256:91E58759C63DFD325C38B25C44395333FFEE3010A19FD43CF0B3A37706180B1F
                                                                                                                                                                                                          SHA-512:6745745B8905E76438012C5C28A149AA5A406B32C07E0E9961B8C54D32768C47FF3521AAED7F0A7D9CBA70835FFA579A98D91D4CE2BD5C6593E30A3733ADAE7C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):70224
                                                                                                                                                                                                          Entropy (8bit):5.147993943292643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:DADB101E49A2CD1F0451AA7762D4B83C
                                                                                                                                                                                                          SHA1:E2DDB718652E3276244F16BE562E07925ED2623A
                                                                                                                                                                                                          SHA-256:5EE1FE1A80A2294DB5719502D1E089B0B18AB202B617157D114039789A9A396E
                                                                                                                                                                                                          SHA-512:C16B9B52B0CB1A0CB127D040681A0381236121BA33EB2DA3AD728109EA79C0B335CAF8FB7912AF050409D0FB5690C959C9113EF26E98FBEA4E9C5BD1173AC8AA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):78816
                                                                                                                                                                                                          Entropy (8bit):4.965207644229018
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:808433A96FD0473B48EE41807E83080B
                                                                                                                                                                                                          SHA1:36B08BA26CCBFDE65C45BD7E145E29EA92B9FC5C
                                                                                                                                                                                                          SHA-256:A9279F19BF76416A7A2BFD9C0642D8652BC55151E0D7467F173470BFD0275CC0
                                                                                                                                                                                                          SHA-512:4508E24519258188F5A4370C980D6F79EE185A20C7CA2180E1DB48A86A1B93CB50B6652080B613EF81D443806756BFEA994746704B6B053A501F4BCD2BE10D8D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):79976
                                                                                                                                                                                                          Entropy (8bit):4.976328786867478
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:436171AEF87B307673BCDCB7202DBE97
                                                                                                                                                                                                          SHA1:5E9098546ADBE10C7CED411A64C18343F7280F0E
                                                                                                                                                                                                          SHA-256:7013BF84EDD1B99B705A2FC9FBF78314C9A029EDB77C097F290116C6EC40AD6D
                                                                                                                                                                                                          SHA-512:E0B9D8EAD571175627A02295C1E18B405F75D4F828F5CAC53F7FAE731C438034201B335FEB3B8346C20C55CBAA308E3A1118A0D5BA655F6B83B53E7A1316006C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):77936
                                                                                                                                                                                                          Entropy (8bit):4.97984716808543
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:EC1A565CC69D83ADD23FE170CF151438
                                                                                                                                                                                                          SHA1:81C76303AEF42002359DBB6F85CDD9CD71E1AD87
                                                                                                                                                                                                          SHA-256:46DD968B20EE4AF1DF54DF26EE71CA4E22FEC3A08A50891FFC9041440AB3B47B
                                                                                                                                                                                                          SHA-512:E025AD07AB96263EE0F99EF6337625F6609AF41AF62BB99DA90528533894C74D6F3DB3ED3870A0E72CED50A156428F01ED2101A6A1E9039D924DDC437CA6ED17
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):58848
                                                                                                                                                                                                          Entropy (8bit):6.147967055664089
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:73E3D2A7CBA6E84F612D7F3983DA672A
                                                                                                                                                                                                          SHA1:F53319BD699998E2267FD0782BD48F187151FFFA
                                                                                                                                                                                                          SHA-256:14321F9C9BA3C2C86CE1AA59D9FD6C9768093384C14DA61F74CE1BA1B85CFBCB
                                                                                                                                                                                                          SHA-512:AE15BFBAB4AFE8D944003DD394A3B12631EA637BCBAF31D50EAF49B246851EEA644ADA90C0F6DE4B62FA24AD0F82F856A0AF32FA5A0D22C95D1C5230EF7C775E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):58368
                                                                                                                                                                                                          Entropy (8bit):6.266737380122467
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5BE605895182F3D21CAE9F57747AC7AB
                                                                                                                                                                                                          SHA1:72BF3A00F28A6EB5755A09C80AE06BC69F61EBDC
                                                                                                                                                                                                          SHA-256:7A9B45A779C411F4CD46C91EBE45271D814DDE2F7678B694A8364B11E571EE1D
                                                                                                                                                                                                          SHA-512:F7FE5A3684C541E2AF9979716EC8C9068ED8B656B14BC9B689B2BB639E48355ED4002F1F2BD2A4EC160D9B36AA0E35785831AB624FE3C0FFA54E720F955F103D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):75856
                                                                                                                                                                                                          Entropy (8bit):5.5033560387700735
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A0A589DDE7A2A4FA6097323175FA70F7
                                                                                                                                                                                                          SHA1:E8F3FF09F4F08CEFF009658E7AF2D7ABFDF5DDC0
                                                                                                                                                                                                          SHA-256:7EF466D7D1803DEB0F63E021F58A780385DFAC3F3C286EE2C1E6DBFC5D54A424
                                                                                                                                                                                                          SHA-512:8C921A033C4D3B6874E0C270E2D46154BDF4083087FF179F9750A07E7E7839889A858BB453C39817F72F557F3A50A3AAB753DCA9F17E272A892F49782387A9B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4869496
                                                                                                                                                                                                          Entropy (8bit):7.023063738664024
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:EC9829B23C2E5A7029AC2F9F81924EFA
                                                                                                                                                                                                          SHA1:9B7400EE4282E4655C0CD5F54C41D3AE14095434
                                                                                                                                                                                                          SHA-256:28EB2E4DE14C90B303E13EAFF2E65A4D57E4F5E220BD34CEB858D745A02BDF94
                                                                                                                                                                                                          SHA-512:7B2831CA2CDE03F3F12240AE5F18386BBC1D6DA2B66A550515800E8A1947BC64F077EAF498E63CC3E1CAF39986CFEEB886F43562C0D451D8C54C196F4AF58662
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):86640
                                                                                                                                                                                                          Entropy (8bit):6.569726153977617
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:ABF14CC1A720FF3968911F6FD2E6DD7E
                                                                                                                                                                                                          SHA1:175ADE2E220DE9BF6C1595F9FF4A1E910F9B8C99
                                                                                                                                                                                                          SHA-256:B6C3F35ABC2ED9B44CAEFEF8846A26C05D10B3619E298625B4D7891B16D8A539
                                                                                                                                                                                                          SHA-512:AF0C6BEB089365A19181B27AA6C45656F409AFC36E1C76DCDB74DFDE70DFA75C8AD66442C4F94482A0BEBE96CCA4297E58FAABE2E92B77CEF77BBB1A1C538AAE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):86608
                                                                                                                                                                                                          Entropy (8bit):6.568249206613143
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:F0CE2D4BE2A728B2767E3F5100DDE8CA
                                                                                                                                                                                                          SHA1:124CFABF98D386F47E3D73EBDD4960DFF8B20864
                                                                                                                                                                                                          SHA-256:EEA420619FBDCA1468DFA825E832BA14A21DC0402EBE90E75DDF3903DF4B8C61
                                                                                                                                                                                                          SHA-512:67543A966A31163D78C23BE4B83300F211A23F3B0DB61A6E3707F6106FEC0462C67D1898C8D086A1B7A59F89A0E089140AB163B666A21E9A7311DD0C5F856D7F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):446840
                                                                                                                                                                                                          Entropy (8bit):6.690279428020546
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:C766CA0482DFE588576074B9ED467E38
                                                                                                                                                                                                          SHA1:5AC975CCCE81399218AB0DD27A3EFFC5B702005E
                                                                                                                                                                                                          SHA-256:85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
                                                                                                                                                                                                          SHA-512:EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33360
                                                                                                                                                                                                          Entropy (8bit):6.931135692044243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B262A68778D6117D77DFD88A7F43CA44
                                                                                                                                                                                                          SHA1:839DE1D7BCFB4D91736707194B5F94BFF9285AFC
                                                                                                                                                                                                          SHA-256:A7ED4A417F0C50578F2CA2C5106004DD82F78DD3658A852B37147FC362716667
                                                                                                                                                                                                          SHA-512:4F417D12A86D19773D47BDD50D97BF975EADDF1DBBDFF72EA6EA9BA164E47503CD4BB4FFD9C308567EC1CE0A23C024C24BD8647AAFB68CEC4F747CE668296E28
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):250880
                                                                                                                                                                                                          Entropy (8bit):6.801697899047771
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:60BF20C3CC7A98169465CD85EE833D67
                                                                                                                                                                                                          SHA1:D562FD487CDBA1EEBAD05D39DF4E143ACD9A50F1
                                                                                                                                                                                                          SHA-256:3EEE52D6389E9F12FA38F71247656C414BA675A96F7FA9987ED598F5963711DB
                                                                                                                                                                                                          SHA-512:D7A7859A86EECAADFDF6F5001595A331F5FDEC16112C5B9B6A314EB55C9EF49966A74F45E4EAA9912B0F2FD76E867C2AAAD4698B396989EB6532AFE53E4E8F67
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46672
                                                                                                                                                                                                          Entropy (8bit):6.857457630149837
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:C1FF4738F68A0570720F695B5A4837B9
                                                                                                                                                                                                          SHA1:C7BA41BA8049409D2EA5A3B4DABC2499837CD60F
                                                                                                                                                                                                          SHA-256:1B940CE6E0791B41538F475FF97FCD04156C2CAB924557199B57736D7EA510D5
                                                                                                                                                                                                          SHA-512:EDB1FD8EFB8B45474F43472A88A404329C0E756E1EFD9F3FB1EF2C800CDF64BA705CC7A339650CF0E2978E8D38FE42A16CCC86FAAF6630986E3E2E01BB03E632
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30288
                                                                                                                                                                                                          Entropy (8bit):6.991930067735414
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D90414F90993F195846C25140D47566B
                                                                                                                                                                                                          SHA1:3D3EF684D63BC62EEF8CBE09EAF0EE88159FC17C
                                                                                                                                                                                                          SHA-256:AF5645D93635823702F00E12C0C8D68EEA5D2F20EDCEBFDCF5E076E50A9CB64A
                                                                                                                                                                                                          SHA-512:BD4D3E4681D766449F743A924783154A5916A85FFB72F2F0EF43EBBF8380869D58CED6F56E31534F8B70FEBD4EF5DE47A9B1760478966C5D26ACCD7173FDE45F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):364656
                                                                                                                                                                                                          Entropy (8bit):6.4963913214508
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:6FAC04851CDA0F5F63714F3BDB7B17B8
                                                                                                                                                                                                          SHA1:FF48AA1E6F53C21966AA55219C9BB168139599BF
                                                                                                                                                                                                          SHA-256:8C94D1F200CCFA079EDD1993BDD355BC994F19D7889E46EB2D87B547BBE17AC9
                                                                                                                                                                                                          SHA-512:8B182D6CC1C8E1B165CA1A06019244F3FEBCA47E47FFDE59DAFC44FE48D01915E845BB9ED0F445A40BAB634400BAB78FEA9521FC42CA9F30FF996E6AF673A6DE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285296
                                                                                                                                                                                                          Entropy (8bit):6.61257647545177
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:934C75ADFF9036378FD34F526C6641A1
                                                                                                                                                                                                          SHA1:0B9572EBE4FC49EF2DEF824327EFCAF9C9B90DAF
                                                                                                                                                                                                          SHA-256:B4652ED190EEBF59D4CA8BB340CADFBCFBB7A32ABB893D57AC49B1F22CFA0861
                                                                                                                                                                                                          SHA-512:A00B1BF0F10437A680C332E2FCE287C194B3CF666E985ACF047CEBE755596B15F99BAD5252B6A2244AE8805E24218ACA2A898E63C28CCF515D75232410ADD6E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):161904
                                                                                                                                                                                                          Entropy (8bit):6.7450593736078766
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1BB877A36D2FCF866A79433D318A38C7
                                                                                                                                                                                                          SHA1:ADF05679B78D0B15342CDFB4B5FA03C6FD7A140B
                                                                                                                                                                                                          SHA-256:2FA5C0FA42036A1891A4824C41842869820BA6251D9BA39631B2F41636CC474F
                                                                                                                                                                                                          SHA-512:B89BBCEBF968FD8D8038C4D61664ABF0AEDA77D15C1E8DD7083347272A1BBB22178A5DC6EFC20D428A38A7625B702C9BEE922A10C3BDE3F20A2DD043506152EF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):91104
                                                                                                                                                                                                          Entropy (8bit):6.919609919273454
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9C133B18FA9ED96E1AEB2DA66E4A4F2B
                                                                                                                                                                                                          SHA1:238D34DBD80501B580587E330D4405505D5E80F2
                                                                                                                                                                                                          SHA-256:C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
                                                                                                                                                                                                          SHA-512:D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):35920
                                                                                                                                                                                                          Entropy (8bit):6.96589440050578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:888FB15A3D5B671D0557B2D25A7EA1E7
                                                                                                                                                                                                          SHA1:8F7FC210E96CB8BF5F4902B87495D6D9903A3E45
                                                                                                                                                                                                          SHA-256:0ADC89F01F9719C26A1A6176690C2CA8E5E1FF8339A4B140E4260BA3D6AE78A6
                                                                                                                                                                                                          SHA-512:E17CB660575A1B76637B50B63279BE2DFCF8B96E425E5572B73EF191497B0308408FDD6BF3D7849C52978E22C1763F05569774C4A6C8147ADB520B45360DFF63
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4144536
                                                                                                                                                                                                          Entropy (8bit):6.480077040893753
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:110089114750B59CDB11577A55847B4A
                                                                                                                                                                                                          SHA1:16FB4E9CCC686CC172B33FEF2FF80761F752B0CC
                                                                                                                                                                                                          SHA-256:E3F9EB4243A735283FB32FD6FC0E3A37B0B761C56E913198ED4B5ED81F9CC122
                                                                                                                                                                                                          SHA-512:856BAB9247F39B6A11A632B2982FC9AE50BBB2722173DCE02D47EBA15902AFD10D874F63322BEF83EE110258C436D74C3808B8A310BF6C13456CCED111DD0483
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18996632
                                                                                                                                                                                                          Entropy (8bit):6.45256219394282
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4A69DE3D8443601E0C071E7411927341
                                                                                                                                                                                                          SHA1:CFDA80F102BCFAEC76ECAF323BBE0E66774195AB
                                                                                                                                                                                                          SHA-256:2911C58615F9BDDC1447FB33F8567087ABD02A3AB0E96091E61A20934C9F508E
                                                                                                                                                                                                          SHA-512:76CB66EB5A1F33901BD28414522E3763BF86795D23EDD33FD5665057054B710022BF5332B9E3F770D8724F63447C6556DDEBFD771AE60F978722B40E35C1A207
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3815368
                                                                                                                                                                                                          Entropy (8bit):6.4441562258351865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7342A3F59C64B20E80DE29EB49D99389
                                                                                                                                                                                                          SHA1:325FDFA1C71A1F0E78B5DDE05359FDBA4BE6C0E9
                                                                                                                                                                                                          SHA-256:91BC0AF21E485BF52FEED853AF7A761F2F17FA0D64FBD0D7869A394B49DBA784
                                                                                                                                                                                                          SHA-512:490979636B7475F20106B5EB3A32B12D1EF78A95E652695FFF933A4AA2F49F8A57CEC6C5161E6A4A1101C148F813A7BD8D4BCC2B0BDBAC0196154ADFFC611E21
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4964248
                                                                                                                                                                                                          Entropy (8bit):6.517582770381701
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5964E72271AD63668EA7652710E54400
                                                                                                                                                                                                          SHA1:8B075ADF2CE5D9165C3E7B808507E35CC1238390
                                                                                                                                                                                                          SHA-256:025B20F7E0313A8EA3F4123099A4D921E7532ECFA493F14A9240437A02A7A24A
                                                                                                                                                                                                          SHA-512:74EF5CC269E044D39F3706A3B0FE19397190036382E77F5220F1E613E266583C1E4FC701E2463375CA773D99C273B870F923F210B46CEB4FF6051315F7B5E5B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3465624
                                                                                                                                                                                                          Entropy (8bit):6.473650574760095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A91D4AD0F091E237F39FAA88049716F9
                                                                                                                                                                                                          SHA1:874D461A8217ACB500ADBECD97400F01C30F9C62
                                                                                                                                                                                                          SHA-256:365F89460C8956420BCA74C3B42E637F24DCCD5A4B667C9185D7484E4403BC3D
                                                                                                                                                                                                          SHA-512:1C50106BC4CDC0A2663893A0646F5CC899F3BB9142468974C6A7663CAFA5DF0789994AFA5E7C8AF74875FAC04FADAAC45F8FE5556DD874BC51F0DC53AEC28C83
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4144536
                                                                                                                                                                                                          Entropy (8bit):6.480077040893753
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:110089114750B59CDB11577A55847B4A
                                                                                                                                                                                                          SHA1:16FB4E9CCC686CC172B33FEF2FF80761F752B0CC
                                                                                                                                                                                                          SHA-256:E3F9EB4243A735283FB32FD6FC0E3A37B0B761C56E913198ED4B5ED81F9CC122
                                                                                                                                                                                                          SHA-512:856BAB9247F39B6A11A632B2982FC9AE50BBB2722173DCE02D47EBA15902AFD10D874F63322BEF83EE110258C436D74C3808B8A310BF6C13456CCED111DD0483
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18996632
                                                                                                                                                                                                          Entropy (8bit):6.45256219394282
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4A69DE3D8443601E0C071E7411927341
                                                                                                                                                                                                          SHA1:CFDA80F102BCFAEC76ECAF323BBE0E66774195AB
                                                                                                                                                                                                          SHA-256:2911C58615F9BDDC1447FB33F8567087ABD02A3AB0E96091E61A20934C9F508E
                                                                                                                                                                                                          SHA-512:76CB66EB5A1F33901BD28414522E3763BF86795D23EDD33FD5665057054B710022BF5332B9E3F770D8724F63447C6556DDEBFD771AE60F978722B40E35C1A207
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4964248
                                                                                                                                                                                                          Entropy (8bit):6.517582770381701
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5964E72271AD63668EA7652710E54400
                                                                                                                                                                                                          SHA1:8B075ADF2CE5D9165C3E7B808507E35CC1238390
                                                                                                                                                                                                          SHA-256:025B20F7E0313A8EA3F4123099A4D921E7532ECFA493F14A9240437A02A7A24A
                                                                                                                                                                                                          SHA-512:74EF5CC269E044D39F3706A3B0FE19397190036382E77F5220F1E613E266583C1E4FC701E2463375CA773D99C273B870F923F210B46CEB4FF6051315F7B5E5B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20376
                                                                                                                                                                                                          Entropy (8bit):6.648822738165475
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:6BE2F1A6317D2FE0EBBFD712BEAA2F63
                                                                                                                                                                                                          SHA1:988AAE7B274206F6C90B67CCCA93A75A839FF0CE
                                                                                                                                                                                                          SHA-256:246FFE781AB0FDEE8F1D580BDB89176DD38B8560C451E5F1B5B809D48813E223
                                                                                                                                                                                                          SHA-512:9435DCADAD328B2E44DB9C78B3C530F21382E128A3457F3F110B44226414D8A33780E717727581947A55F3338F29AA34D07669EF623B88903A85D86D36CAC4A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4144536
                                                                                                                                                                                                          Entropy (8bit):6.480077040893753
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:110089114750B59CDB11577A55847B4A
                                                                                                                                                                                                          SHA1:16FB4E9CCC686CC172B33FEF2FF80761F752B0CC
                                                                                                                                                                                                          SHA-256:E3F9EB4243A735283FB32FD6FC0E3A37B0B761C56E913198ED4B5ED81F9CC122
                                                                                                                                                                                                          SHA-512:856BAB9247F39B6A11A632B2982FC9AE50BBB2722173DCE02D47EBA15902AFD10D874F63322BEF83EE110258C436D74C3808B8A310BF6C13456CCED111DD0483
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3815368
                                                                                                                                                                                                          Entropy (8bit):6.4441562258351865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7342A3F59C64B20E80DE29EB49D99389
                                                                                                                                                                                                          SHA1:325FDFA1C71A1F0E78B5DDE05359FDBA4BE6C0E9
                                                                                                                                                                                                          SHA-256:91BC0AF21E485BF52FEED853AF7A761F2F17FA0D64FBD0D7869A394B49DBA784
                                                                                                                                                                                                          SHA-512:490979636B7475F20106B5EB3A32B12D1EF78A95E652695FFF933A4AA2F49F8A57CEC6C5161E6A4A1101C148F813A7BD8D4BCC2B0BDBAC0196154ADFFC611E21
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2459080
                                                                                                                                                                                                          Entropy (8bit):6.786609680042829
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2D7EC737F3477C5F633A5DCF87E5F7DF
                                                                                                                                                                                                          SHA1:C9166B3FE38E298DDB29BE936C5BE99715B64D96
                                                                                                                                                                                                          SHA-256:A328DD17444283EFF1CBD57BC22CC7AFE21029C6516DE9CC37857F80330BD38A
                                                                                                                                                                                                          SHA-512:B77587C70CD38350EF0455074B50B75EB3D8F2E29635D14CA014C7E63C28C20AB4AC2E9CA272EEE8D6B752CDB61E223CE1972A08B3B89480207ACF10268FDD52
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2459080
                                                                                                                                                                                                          Entropy (8bit):6.786609680042829
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2D7EC737F3477C5F633A5DCF87E5F7DF
                                                                                                                                                                                                          SHA1:C9166B3FE38E298DDB29BE936C5BE99715B64D96
                                                                                                                                                                                                          SHA-256:A328DD17444283EFF1CBD57BC22CC7AFE21029C6516DE9CC37857F80330BD38A
                                                                                                                                                                                                          SHA-512:B77587C70CD38350EF0455074B50B75EB3D8F2E29635D14CA014C7E63C28C20AB4AC2E9CA272EEE8D6B752CDB61E223CE1972A08B3B89480207ACF10268FDD52
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3465624
                                                                                                                                                                                                          Entropy (8bit):6.473650574760095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A91D4AD0F091E237F39FAA88049716F9
                                                                                                                                                                                                          SHA1:874D461A8217ACB500ADBECD97400F01C30F9C62
                                                                                                                                                                                                          SHA-256:365F89460C8956420BCA74C3B42E637F24DCCD5A4B667C9185D7484E4403BC3D
                                                                                                                                                                                                          SHA-512:1C50106BC4CDC0A2663893A0646F5CC899F3BB9142468974C6A7663CAFA5DF0789994AFA5E7C8AF74875FAC04FADAAC45F8FE5556DD874BC51F0DC53AEC28C83
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18996632
                                                                                                                                                                                                          Entropy (8bit):6.45256219394282
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4A69DE3D8443601E0C071E7411927341
                                                                                                                                                                                                          SHA1:CFDA80F102BCFAEC76ECAF323BBE0E66774195AB
                                                                                                                                                                                                          SHA-256:2911C58615F9BDDC1447FB33F8567087ABD02A3AB0E96091E61A20934C9F508E
                                                                                                                                                                                                          SHA-512:76CB66EB5A1F33901BD28414522E3763BF86795D23EDD33FD5665057054B710022BF5332B9E3F770D8724F63447C6556DDEBFD771AE60F978722B40E35C1A207
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3815368
                                                                                                                                                                                                          Entropy (8bit):6.4441562258351865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7342A3F59C64B20E80DE29EB49D99389
                                                                                                                                                                                                          SHA1:325FDFA1C71A1F0E78B5DDE05359FDBA4BE6C0E9
                                                                                                                                                                                                          SHA-256:91BC0AF21E485BF52FEED853AF7A761F2F17FA0D64FBD0D7869A394B49DBA784
                                                                                                                                                                                                          SHA-512:490979636B7475F20106B5EB3A32B12D1EF78A95E652695FFF933A4AA2F49F8A57CEC6C5161E6A4A1101C148F813A7BD8D4BCC2B0BDBAC0196154ADFFC611E21
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20376
                                                                                                                                                                                                          Entropy (8bit):6.648822738165475
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:6BE2F1A6317D2FE0EBBFD712BEAA2F63
                                                                                                                                                                                                          SHA1:988AAE7B274206F6C90B67CCCA93A75A839FF0CE
                                                                                                                                                                                                          SHA-256:246FFE781AB0FDEE8F1D580BDB89176DD38B8560C451E5F1B5B809D48813E223
                                                                                                                                                                                                          SHA-512:9435DCADAD328B2E44DB9C78B3C530F21382E128A3457F3F110B44226414D8A33780E717727581947A55F3338F29AA34D07669EF623B88903A85D86D36CAC4A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                          Entropy (8bit):3.2523664094525224
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                                                          SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                                                          SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                                                          SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                          Entropy (8bit):3.2523664094525224
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                                                          SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                                                          SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                                                          SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):263
                                                                                                                                                                                                          Entropy (8bit):6.0464226627668145
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:6A1910C51F39D1D89946615AD7C532F7
                                                                                                                                                                                                          SHA1:584530581F5F30D09859D3031595441CF9DDFB04
                                                                                                                                                                                                          SHA-256:8D5A3DE2B259D2C0FB35AD6D424FFA1DC00F890ACE85B7C37932AEADB6482359
                                                                                                                                                                                                          SHA-512:04FB819B28281D28AD0FC97ED3790223232C79DE19AE9826254DB144BA6F944C811A37C5F9E5ECC0C6E4DD6C283053C59360AA4D9A1023D17CEAC94A2A3F5112
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLEN....FCNT....FILE....%ROPATH%\BrowserCleanup.iniOFFS........FLEN....*...VERH........VERL........TIME.....W.TFMD5....IW.s.....Q....>.DIFT....DIFFBS[App]..ServerURL=http://bcu.ff.avast.com..S>...;.j........P.[#....K.I..6..........;?.R..o.i.#.x...I?n..ASWSig2B
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30411583
                                                                                                                                                                                                          Entropy (8bit):6.605637832559806
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B09C4EAD60A3DD41A84ACABE3993B97E
                                                                                                                                                                                                          SHA1:89A9D70CA9E8155E8540F13031F4F190C9F48301
                                                                                                                                                                                                          SHA-256:B8E5158DFF4394868F98CCD52A3EF27E7A7B1B64E159C6533CECE6CF467F587D
                                                                                                                                                                                                          SHA-512:AB45F714B0C07EE2BF432CCD67DA2967BF6C68C9AB2118B7526507515249FEE8DF7C95900A08C108D8CE54603A4DFC56F29307165B03871DCF6C25D8B6E7C710
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLEN....FCNT....FILE....%ROPATH64%\libwaapi.dllOFFS........FLEN....0)..VERH........VERL....S...TIME.....m.fFMD5....U.....c...ag.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwaheap.dllOFFS....0)..FLEN....0...VERH........VERL....S...TIME.....m.fFMD5......L..qJ...z.K.8DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwalocal.dllOFFS....`...FLEN....0...VERH........VERL....S...TIME.....m.fFMD5....b.)...fw..Cb.o..DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwaresource.dllOFFS.....o..FLEN....0.G.VERH........VERL....S...TIME.....m.fFMD5...........UV..J..DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwautils.dllOFFS.....tu.FLEN....0.5.VERH........VERL....S...TIME.....m.fFMD5...... ..X)G.)\...X.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\libwavmodapi.dllOFFS.....M..FLEN....0.H.VERH........VERL........TIME.....m.fFMD5....c..f..t...@...Y.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\su_adapter.dllOFFS.... C..FLEN.....A(.VERH........VERL......_$TIME.....g.fF
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1904733
                                                                                                                                                                                                          Entropy (8bit):6.902867665367206
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:384F6D47E83C343B8D3310DC8496D721
                                                                                                                                                                                                          SHA1:EA6A6E97CE28AE4BD3CF181C07F268200BFA953D
                                                                                                                                                                                                          SHA-256:850CB272BD8BC908EE863C1FA632550C0F070D895414913AC5A6B51A0573D391
                                                                                                                                                                                                          SHA-512:602D08C6D82DE746782C68998DC61597F1835ED15157BF92E2F64DF2F7390E01CF1624E5BD8493BD83123BF6221E908EF8F9F39EE4B48773934734E59CC6F674
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLENu...FCNT....FILE%...%RWPATH%\gaming_mode\dnddetection.datOFFS........FLEN.....z..VERH........VERL........TIME....sm.fFMD5......'c.].J....!.P.DIFT....DIFFBSFILE!...%RWPATH%\gaming_mode\dndrules.datOFFS.....z..FLEN........VERH........VERL........TIME....tm.fFMD5.....'..].......Y7.DIFT....DIFFBSFILE....%ROPATH32%\dnd_helper.dllOFFS....m...FLEN........VERH........VERL......_$TIME.....e.fFMD5.....:...UF..+..6.DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH32%\gaming_hook.exeOFFS.....u..FLEN........VERH........VERL......_$TIME.....e.fFMD5....x[..8......B0.u.DIFT....DIFFPE2TEFL......?.....FILE)...%RWPATH%\gaming_mode\dnddetection.dat.verOFFS........FLEN........VERH........VERL........TIME....sm.fFMD5.........b.j...../.DIFT....DIFFBSFILE%...%RWPATH%\gaming_mode\dndrules.dat.verOFFS........FLEN........VERH........VERL........TIME....tm.fFMD5......B8..#...P.ou..DIFT....DIFFBS]....a.;..=........y...>D.M..7.......4S.........l.+1.1..l]|N...7...fx.).N.D.5.F.w......'..Af.>[.u\v.......
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10344892
                                                                                                                                                                                                          Entropy (8bit):6.261921990196348
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:58C202A6D3447DCE8A411E63D4656DC9
                                                                                                                                                                                                          SHA1:CFB05CC81E40C07C351296D035C2F0DB38A6A6B1
                                                                                                                                                                                                          SHA-256:B089B507B5C8B8D9914FA3CEBA343E47BE6491DAA697EDB67EC366152C3C84CB
                                                                                                                                                                                                          SHA-512:AB268AFF5D039763BD3EDE81F719BDB85EFA4BCECD83E8E7B628B5327CEA82417D819EFF3B9F20C7FACA912DA4D5EE7AB0E730F09B03CA64F06F678B3A682273
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:HLENt...FCNT....FILE....%ROPATH64%\aswhook.dllOFFS........FLEN.....q..VERH........VERL......_$TIME....6m.fFMD5....j..l..N(8. .D...DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\aswidpm.dllOFFS.....q..FLEN........VERH........VERL......_$TIME....6m.fFMD5...../C.6.V.a.....DIFT....DIFFPE2TEFL......?.....FILE....%ROPATH64%\aswidsagent.exeOFFS....0y..FLEN........VERH........VERL......_$TIME....6m.fFMD5....Z..-..L..K.S.%.DIFT....DIFFPE2TEFL......?.....FILE2...%SETUPPATH%\Inf\x64\%PRODUCT_PREFIX%bidsdriver.sysOFFS........FLEN....8...VERH........VERL........TIME.....m.fFMD5........H..-.=..V..DIFT....DIFFPE2TEFL......?.....MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q.Cg?FCg?FCg?F..>G@g?FCg>Fmg?F).:GGg?F).6GMg?F)..FBg?FCg.FBg?F).=GBg?FRichCg?F........PE..d...nY.f.........." ...&............ ...............................................2.....`.................................................d...(.......
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):7072620
                                                                                                                                                                                                          Entropy (8bit):1.2130230748312898
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5BE5B0C7B8D95F03DBC8EB5FA425674E
                                                                                                                                                                                                          SHA1:27968E7D5822718E68A45630D6ADD04403E75268
                                                                                                                                                                                                          SHA-256:3A056672829868CC8939E4A03A56CD4A99F3FA8C5503DA0E373DAE96589DF201
                                                                                                                                                                                                          SHA-512:3BA5AF90F2B7BD632C552C106E9CBDB5E4A9A79B54797ABFC6EDE9D4FB88371D99ABD0DECFADD034C35B2775330E5A654449721777505475EE60B33DCC06C7A4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1310), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1654
                                                                                                                                                                                                          Entropy (8bit):5.021430995108626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:E1E9F90123ABFBC3442B1DDCEFD43B9F
                                                                                                                                                                                                          SHA1:AC68CB228816DE9A1EEFA8D82FBC4A8033C225D3
                                                                                                                                                                                                          SHA-256:E2BCF043BFA7C5D878FB19FB54CD1BFE7D512A3717183AEDDEFADB42629E989B
                                                                                                                                                                                                          SHA-512:A497F307F4081F8A866D7C37436C5893E84B3A86FFE233CE08FC299E8518F1AD6C5091A4957FF8629047AEA8BF5FEBEBC9A0D9D399FDB2639BFE6A7FC0D5C03E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...[Shepherd]..ABTests=19fa92d7-cec3-489b-9f86-f88a9780902e:A,49afa038-20e4-4cff-b058-f7c69b5a850d:A,AV-32666-v1-fake:b,f269135a-abf6-41df-a90a-13b411c26efa:A,oa-7466-v0:a,oa-7820-v0-fake-blatny:b,oa-7820-v2:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ppi_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-on_emailscanner-ignored-processes_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_avast-24.7-and-newer_avast-forrelease-24.4_noomnianda1_aosstorelink_not-avast-one_enableddwm_enablehns3_performator_phone
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):34814
                                                                                                                                                                                                          Entropy (8bit):5.869806272328734
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B94E984E5503CA0FF96C89AD3B990326
                                                                                                                                                                                                          SHA1:DE1B00A9076F7741D0D97DFD3A92F2DD303F6814
                                                                                                                                                                                                          SHA-256:8BBFD903F56720246115702FDD3381D2B38E305DF6159AC4511C58251E623D51
                                                                                                                                                                                                          SHA-512:2A5E4B24B9D6F6FAF4D159B2987917BC8F33E665792167742F8720BA7B7515EAFBFD660B638DB64CC1F73446FE3A7B337E93ED9BA41968254F0E1E1220B404B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=0..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_safeprice=0..ais_cmp_sfzone=0..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicen
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (603), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):837
                                                                                                                                                                                                          Entropy (8bit):5.140147758255865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B7221289D9EE860B8A69881E67C1D254
                                                                                                                                                                                                          SHA1:A7B2E520F36D77B83D337C2C67D3A8F2AC7214B4
                                                                                                                                                                                                          SHA-256:501DD00F8C0519252E3BBA060E880F11C6E7A3FF5B8DCA02BB3FDE3E434E47F5
                                                                                                                                                                                                          SHA-512:BE919CD522B020E0946D440F72D8E98E5344389210BE3784CC6A4572BED7996BC039F45327CCB2D856230EAEF42C1FCB7563FC910588475E7ED730ED9A7DB0C7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...[Shepherd]..ABTests=49afa038-20e4-4cff-b058-f7c69b5a850d:A,oa-7466-v0:a,oa-7820-v0-fake-blatny:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ppi_free_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_not-avast-one_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_production-new-installs_versions-older-than-23.1_old-smartscan_ispublicrelease_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-44264802bb4bbeaaa119da2c787d89e12967555f56c0664f6070b25122bcb660..ConfigVersion=5072..LastUpdate=1723632093..NextUpdate=1723697261..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30896
                                                                                                                                                                                                          Entropy (8bit):5.881113389287546
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:FC41DB3A1BCF646D86919D346DBBB625
                                                                                                                                                                                                          SHA1:E9643793D8EC20DF974B43E881C15FFF3686B285
                                                                                                                                                                                                          SHA-256:70328232F1C3B46E50FBC29600D566864DCEB9FC57209FFC1EF44F4ACAF3D1EB
                                                                                                                                                                                                          SHA-512:E5A56E819241852CF85A55CBC1481E31F052613D89341BB38247D78654F9A21C090181B6E660FF98D60888EE34F9ADF2D8A8F1F4B78E06498E75ECEAB63CCE7B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=0..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_safeprice=0..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInject
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4964248
                                                                                                                                                                                                          Entropy (8bit):6.517582770381701
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5964E72271AD63668EA7652710E54400
                                                                                                                                                                                                          SHA1:8B075ADF2CE5D9165C3E7B808507E35CC1238390
                                                                                                                                                                                                          SHA-256:025B20F7E0313A8EA3F4123099A4D921E7532ECFA493F14A9240437A02A7A24A
                                                                                                                                                                                                          SHA-512:74EF5CC269E044D39F3706A3B0FE19397190036382E77F5220F1E613E266583C1E4FC701E2463375CA773D99C273B870F923F210B46CEB4FF6051315F7B5E5B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3465624
                                                                                                                                                                                                          Entropy (8bit):6.473650574760095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A91D4AD0F091E237F39FAA88049716F9
                                                                                                                                                                                                          SHA1:874D461A8217ACB500ADBECD97400F01C30F9C62
                                                                                                                                                                                                          SHA-256:365F89460C8956420BCA74C3B42E637F24DCCD5A4B667C9185D7484E4403BC3D
                                                                                                                                                                                                          SHA-512:1C50106BC4CDC0A2663893A0646F5CC899F3BB9142468974C6A7663CAFA5DF0789994AFA5E7C8AF74875FAC04FADAAC45F8FE5556DD874BC51F0DC53AEC28C83
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3214232
                                                                                                                                                                                                          Entropy (8bit):6.600410343537519
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4F30E27D0CCE4CFB1E492843C6A3E971
                                                                                                                                                                                                          SHA1:0C5006FDBA022F90EC94E0D8FC32281E40069766
                                                                                                                                                                                                          SHA-256:A6D27EF7D7C9DC32E562BA143A2FE8FCC2EBDEAD0171B511A517ABEAD2599DCE
                                                                                                                                                                                                          SHA-512:D575DDA05D9972914401EC2E40136A20F1F98B55D5125F5CDE706396C44A0466684C64FC173033C3E4D4E8F079BACF682AF99BE7E733CA4E4B3120439C7B23A0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30302
                                                                                                                                                                                                          Entropy (8bit):5.882248833927378
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:FCF68190FC0BA5391E263B655517AAA8
                                                                                                                                                                                                          SHA1:C608BD9ACBDE6EC96919A29D46BC1C14A27B731E
                                                                                                                                                                                                          SHA-256:16C38A08F2CA7DEAE058EE282251E0D9E35CD6796B7329EBA3E17C7131663F62
                                                                                                                                                                                                          SHA-512:AD991386BC68DDA87F3401A7B7321323D81D04A6D1DEA0B1BA221AA4A4ACD2BC088185B4EE07DB1BD572713C516D93F4F931EFFE91E78EF2AC3047A4985C2886
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkippedDomains=whatsapp.
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10422
                                                                                                                                                                                                          Entropy (8bit):7.980981647589329
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:919B56C1B1CD90C6E572DC035C1D1540
                                                                                                                                                                                                          SHA1:FC3769865F0706A86F93A2C392F2BCC6E7756BED
                                                                                                                                                                                                          SHA-256:0C0CAF852743BA70B5770B1DA8BFAF5D8076AD88BB46F90FD909769294F1341F
                                                                                                                                                                                                          SHA-512:D2A8D4531B24A4AAEF6F7D076D0E45A46B39009DA591DFF4509EFCD10017C14B086965A95228F451FBFD91E6DDCAA35B55B143E040F35EB1B868F06283647DD3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (603), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):837
                                                                                                                                                                                                          Entropy (8bit):5.140147758255865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B7221289D9EE860B8A69881E67C1D254
                                                                                                                                                                                                          SHA1:A7B2E520F36D77B83D337C2C67D3A8F2AC7214B4
                                                                                                                                                                                                          SHA-256:501DD00F8C0519252E3BBA060E880F11C6E7A3FF5B8DCA02BB3FDE3E434E47F5
                                                                                                                                                                                                          SHA-512:BE919CD522B020E0946D440F72D8E98E5344389210BE3784CC6A4572BED7996BC039F45327CCB2D856230EAEF42C1FCB7563FC910588475E7ED730ED9A7DB0C7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:...[Shepherd]..ABTests=49afa038-20e4-4cff-b058-f7c69b5a850d:A,oa-7466-v0:a,oa-7820-v0-fake-blatny:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ppi_free_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_not-avast-one_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_production-new-installs_versions-older-than-23.1_old-smartscan_ispublicrelease_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-44264802bb4bbeaaa119da2c787d89e12967555f56c0664f6070b25122bcb660..ConfigVersion=5072..LastUpdate=1723632093..NextUpdate=1723697261..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                                                          Entropy (8bit):3.041625614369223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2033150B837C1E4FBA4C4D2A0E7040F2
                                                                                                                                                                                                          SHA1:5BACD60F7ACDAB34B10034572F927A2520998A56
                                                                                                                                                                                                          SHA-256:DB37A6F78ADD08326F209EB7CFD7B6182060247151C14F86EF0E2E67CF885A65
                                                                                                                                                                                                          SHA-512:21D9814A7815DBA23C5859C92C174A8B730436523151F7A44E456B790432DD2D9DF7497240285635CA89304FA699DE4DD4343884202783261ACB00C1BAD5D40F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:mmm_mrk_ppi_004_408_v
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3815368
                                                                                                                                                                                                          Entropy (8bit):6.4441562258351865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7342A3F59C64B20E80DE29EB49D99389
                                                                                                                                                                                                          SHA1:325FDFA1C71A1F0E78B5DDE05359FDBA4BE6C0E9
                                                                                                                                                                                                          SHA-256:91BC0AF21E485BF52FEED853AF7A761F2F17FA0D64FBD0D7869A394B49DBA784
                                                                                                                                                                                                          SHA-512:490979636B7475F20106B5EB3A32B12D1EF78A95E652695FFF933A4AA2F49F8A57CEC6C5161E6A4A1101C148F813A7BD8D4BCC2B0BDBAC0196154ADFFC611E21
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18996632
                                                                                                                                                                                                          Entropy (8bit):6.45256219394282
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4A69DE3D8443601E0C071E7411927341
                                                                                                                                                                                                          SHA1:CFDA80F102BCFAEC76ECAF323BBE0E66774195AB
                                                                                                                                                                                                          SHA-256:2911C58615F9BDDC1447FB33F8567087ABD02A3AB0E96091E61A20934C9F508E
                                                                                                                                                                                                          SHA-512:76CB66EB5A1F33901BD28414522E3763BF86795D23EDD33FD5665057054B710022BF5332B9E3F770D8724F63447C6556DDEBFD771AE60F978722B40E35C1A207
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1891973
                                                                                                                                                                                                          Entropy (8bit):4.12037090919453
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:88856CF9345EB14CAADD7B02E7B5067F
                                                                                                                                                                                                          SHA1:FEAFFA6024AAD9CE308206459D94907B1B41148E
                                                                                                                                                                                                          SHA-256:47CA79C1DB170514CB1E4A0DD747823EF6BB3AFF9B784C8BCDA040CC85724AA1
                                                                                                                                                                                                          SHA-512:5C3C348D529D053DDBE8F6C4A9D3AA69AEFF0CBFE97CA00E6BBE8C28C2F952D977E4006DC4999705902E6302DB080894DB860E72F8E23A4D36A10C26FC5F6779
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2459080
                                                                                                                                                                                                          Entropy (8bit):6.786609680042829
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2D7EC737F3477C5F633A5DCF87E5F7DF
                                                                                                                                                                                                          SHA1:C9166B3FE38E298DDB29BE936C5BE99715B64D96
                                                                                                                                                                                                          SHA-256:A328DD17444283EFF1CBD57BC22CC7AFE21029C6516DE9CC37857F80330BD38A
                                                                                                                                                                                                          SHA-512:B77587C70CD38350EF0455074B50B75EB3D8F2E29635D14CA014C7E63C28C20AB4AC2E9CA272EEE8D6B752CDB61E223CE1972A08B3B89480207ACF10268FDD52
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):704
                                                                                                                                                                                                          Entropy (8bit):7.650356271647679
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:F86F404DB4551F2B29007E8353842A9D
                                                                                                                                                                                                          SHA1:8D504C2369CE54DFA38E04E0C52AD35263A6ECD2
                                                                                                                                                                                                          SHA-256:D02A702AEF6DE2BB6EDD3938A4F85EC493B84AB5E187D60E3804727449258F01
                                                                                                                                                                                                          SHA-512:378044B5E22EA128832C5342BE3A03D360D2C4AF7461BF5C508E50018CB26F02C3FB3C89E99BACFE5898BF652B176878DD80182C23655B4E0A042190DF1FF6BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):211
                                                                                                                                                                                                          Entropy (8bit):6.788240953935729
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3C46691C49324DE8CC1A46AEE07A67DE
                                                                                                                                                                                                          SHA1:3B22C0F68742B614692522A078E45069B6E85114
                                                                                                                                                                                                          SHA-256:7E2C8D8753969411EBA9F1F6ED0DA751B12698E8BE303A8902E63AE84D000B4E
                                                                                                                                                                                                          SHA-512:66E0DE28FF1F88C741944DAEB6A326D73E004EFAD4D3598871135B9F1C8DC13E18186592C409EEA3FC0618CA5021C6DCF306DE90D7AA4A4BCF90D31FE9288D13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):76581
                                                                                                                                                                                                          Entropy (8bit):7.997917940613098
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:863FC6CED83C3C1D2C0F86BB13C2ECE5
                                                                                                                                                                                                          SHA1:997799534BB6BAD2A3F435F6F36EF80E4CCFB67C
                                                                                                                                                                                                          SHA-256:C2A34DA73D79E47045F9393B8647C19F76E5A65275B183688E8C86365D92EBEE
                                                                                                                                                                                                          SHA-512:8D9AB4380832E86F5D148ADD8D3157FBB06A1D2E639590DC0F04F5C08890A2F8F8ED72797D607E6391538CBAA8D77D50B2A2E4794A13DB5F4D0DA2909173B00B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4471
                                                                                                                                                                                                          Entropy (8bit):7.955804403056235
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:800EB47562108EACE0CC37408EA5D784
                                                                                                                                                                                                          SHA1:B198D6F98EEA23345BD515934BA65BF75AC58FE5
                                                                                                                                                                                                          SHA-256:9DA22BD173FCB3EBA2DF079878C41E28616748BE45297298EB294E193F1A4833
                                                                                                                                                                                                          SHA-512:7DC7E9E11860A94A7415068EB68371DA484C53C2A257972E19CA747F4760C214FC39E4E4000AEBEA491C91E28A29EE968CC679590BCDF38CB9468E96FA0A49AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12134
                                                                                                                                                                                                          Entropy (8bit):7.96552644828408
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A6A17FC9CFD136073E1F1D931798555A
                                                                                                                                                                                                          SHA1:4AE848926F9C7B2A18E75F56B88D0C714BE5AD58
                                                                                                                                                                                                          SHA-256:5E260B60EB5E5041CF1B657F18105EA6388835F1EBAE884DE2C78290AEA3C5B8
                                                                                                                                                                                                          SHA-512:EA8A4C2026BA1F989145B3DDA3B98F2E318E955923CE615451BE2552941CB7A04AF4BB4905BC2352C734F4B21F81AD375A8C24397F9D641D54402EE435875BA1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7482
                                                                                                                                                                                                          Entropy (8bit):7.977664426348318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:952BAED23348AF19D60AFA95B37F0247
                                                                                                                                                                                                          SHA1:3EE85881DAA3DCDA5A17F881037213465835CF8A
                                                                                                                                                                                                          SHA-256:4B2FFFD4E42B6A9424F0223CBF9CB3890FF4ACC93A85DAB2A6004537DB6D9DCE
                                                                                                                                                                                                          SHA-512:B66085CF73DBAFF55A1741A771A4E0C641137E87B8301690EF65DCFC60A4489B3F5DC491320A40C9DCE9681ED68701383B73796F07A7CBC99AC4F930DF7DDED3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):571
                                                                                                                                                                                                          Entropy (8bit):7.54372468311459
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:1EDD4C0A0428F8F05DF0AD463224C839
                                                                                                                                                                                                          SHA1:E3345B667431361EB70EE0832AB868A11B296E94
                                                                                                                                                                                                          SHA-256:FA8EB5231CC8EFEFE0B9E5F3FD50B90234E46A2DD3EC8469C3E783D0F5398CF6
                                                                                                                                                                                                          SHA-512:329E1239B09BD0501D9FC31D93FD1B1363D3C8AF8E8EAB8FE049CF63125A8BEF6F4A169F4C9827E94A5291FD30207C298A4633D30BE5DEB8C8F9D4E4C782AAE3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):339
                                                                                                                                                                                                          Entropy (8bit):7.248290688799379
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3AD287591BA74AE481893A6209ACB568
                                                                                                                                                                                                          SHA1:4543B9A3DB386158697349EB45E76C3BFB311EC1
                                                                                                                                                                                                          SHA-256:9F9130E378ED3FD2908B73183A1B103E4BB6B78272BFA65EAEC780FFE3C72A87
                                                                                                                                                                                                          SHA-512:833F01954EF3707872D9F8E6F463905888093BC196DEE3A3B9F9CEDAA6888110F1069ABE301CCF7901A7ABEA8F67E2CDE047633FD0503F99BDECC4F834BB0396
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1548988
                                                                                                                                                                                                          Entropy (8bit):4.90318072725186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:92E751D687870E37326599FE6FE2935A
                                                                                                                                                                                                          SHA1:C0F24CEC9158AA8549920FA1744D1593881506CD
                                                                                                                                                                                                          SHA-256:B0A7E16A4E452BB67BD39F3EDF04BC2983073438734FF23BF4E8E6D7BAA547D5
                                                                                                                                                                                                          SHA-512:D47079C3C78E49D0662F49FD0E4F123D8F77ED738C6CF322E25CFAD55A584D5ACBD3127B6B5CA900B64837BF0C899F81D002D635B4E783B79434CA5B571E4A24
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="program" name="prg_ais">.. <selection-tree>.. <selection-tree name="ais_security" name_ids="23000" desc_ids="23001">.. <node name="ais_shl_fil" name_ids="20002" desc_ids="20003" />.. <node name="ais_shl_bhv" name_ids="20014" desc_ids="20015" />.. <node name="ais_cmp_avpap" name_ids="21062" desc_ids="21063" />.. <node name="ais_shl_rsw" name_ids="20022" desc_ids="20023" />.. <node name="ais_shl_web" name_ids="20008" desc_ids="20009" />.. <node name="ais_shl_mai" name_ids="20004" desc_ids="20005" />.. <node name="ais_shl_shp" name_ids="20016" desc_ids="20017" />.. <node name="ais_shl_exch" name_ids="20018" desc_ids="20019" />.. <node name="ais_cmp_rdp" name_ids="21064" desc_ids="21065" />.. <node name="ais_cmp_secdns" name_ids="21040" desc_ids=
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20376
                                                                                                                                                                                                          Entropy (8bit):6.648822738165475
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:6BE2F1A6317D2FE0EBBFD712BEAA2F63
                                                                                                                                                                                                          SHA1:988AAE7B274206F6C90B67CCCA93A75A839FF0CE
                                                                                                                                                                                                          SHA-256:246FFE781AB0FDEE8F1D580BDB89176DD38B8560C451E5F1B5B809D48813E223
                                                                                                                                                                                                          SHA-512:9435DCADAD328B2E44DB9C78B3C530F21382E128A3457F3F110B44226414D8A33780E717727581947A55F3338F29AA34D07669EF623B88903A85D86D36CAC4A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30252
                                                                                                                                                                                                          Entropy (8bit):5.135643388000874
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:39D82CF162F1202304841EA2FA5CAEE9
                                                                                                                                                                                                          SHA1:DA05B98F0ACD2C960346DB0441A58200BBFF3A83
                                                                                                                                                                                                          SHA-256:3121E33CFF95AAA9E5E9CA4EB4F2FFBC79954EEF840031656D8D390A64CADA53
                                                                                                                                                                                                          SHA-512:3575623CAEB39D78AE00F1C1246FB52C78BA265791DE58F15F53D09DE5C03B6860EEEA9F4965D08C5CCA7ABD8BA380BC5CFE59EF5F8257F91D058CDAA0F05140
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30252
                                                                                                                                                                                                          Entropy (8bit):5.135643388000874
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:39D82CF162F1202304841EA2FA5CAEE9
                                                                                                                                                                                                          SHA1:DA05B98F0ACD2C960346DB0441A58200BBFF3A83
                                                                                                                                                                                                          SHA-256:3121E33CFF95AAA9E5E9CA4EB4F2FFBC79954EEF840031656D8D390A64CADA53
                                                                                                                                                                                                          SHA-512:3575623CAEB39D78AE00F1C1246FB52C78BA265791DE58F15F53D09DE5C03B6860EEEA9F4965D08C5CCA7ABD8BA380BC5CFE59EF5F8257F91D058CDAA0F05140
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2454
                                                                                                                                                                                                          Entropy (8bit):7.913807789895145
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:61935E97073241B3694A5933DA1A010E
                                                                                                                                                                                                          SHA1:5412B0D796A5459F146623E67E0212F84572F17F
                                                                                                                                                                                                          SHA-256:631204381D7A3FBFFB56766010704B9128EA8FE7EC4854220EFFC2C5AB9A68EF
                                                                                                                                                                                                          SHA-512:201770B01657CB1FB5DB53A7E5B806211947FF3FFDADE5E8F0E0B9ACA53EE48CA2194169AD4E5903EDBB7360DF49811ADC0763A722F1BB28AD6249747F3C299D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4144536
                                                                                                                                                                                                          Entropy (8bit):6.480077040893753
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:110089114750B59CDB11577A55847B4A
                                                                                                                                                                                                          SHA1:16FB4E9CCC686CC172B33FEF2FF80761F752B0CC
                                                                                                                                                                                                          SHA-256:E3F9EB4243A735283FB32FD6FC0E3A37B0B761C56E913198ED4B5ED81F9CC122
                                                                                                                                                                                                          SHA-512:856BAB9247F39B6A11A632B2982FC9AE50BBB2722173DCE02D47EBA15902AFD10D874F63322BEF83EE110258C436D74C3808B8A310BF6C13456CCED111DD0483
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):39810
                                                                                                                                                                                                          Entropy (8bit):4.742543551624326
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:24B473CF564FABC3A55CEBCB8AA7A7C9
                                                                                                                                                                                                          SHA1:795E24A972B2FF67545E4D61B42D29059A0FA1C8
                                                                                                                                                                                                          SHA-256:5B561E4A1587711FA7A9D710400BA537C4D73A01AF95074B048D56F6B4131E7D
                                                                                                                                                                                                          SHA-512:262D84FB320899EC0C12FE217DA608CC1ED7FD662C3F75CE4913A5D6CA91B1ED264F023F186655F280131B6FAE1CBE24481A0AB6055677632A9E04A1A1DBE21B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.7">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />..
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15808
                                                                                                                                                                                                          Entropy (8bit):7.987470222692564
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:534B2BAD93BB812AE191B5506AE23565
                                                                                                                                                                                                          SHA1:2993199DEDF4CD3C31A2BBFCF10DA1774537843F
                                                                                                                                                                                                          SHA-256:7A31F6F6CB37D42A0356AEB5DD2D803B6634DC6EFE1763BED59ACA6431B955AF
                                                                                                                                                                                                          SHA-512:8C12BE0698B769E0E11D5954474EB4F713A3D8811291FD5336DE2CB6614228944BB5EA11FEFAB345BD2AC6E00163731B542A521438464C925C051AC71BF5EDF2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30104
                                                                                                                                                                                                          Entropy (8bit):6.811827410763732
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:9E2F415514D2E408661D3E71BF4A80C4
                                                                                                                                                                                                          SHA1:D92F4D356272B424EAC0BEECE46686093AA7DCDC
                                                                                                                                                                                                          SHA-256:4D4281642981C71556111DB06CABCB494669261340CCB70089B5F12A952984D7
                                                                                                                                                                                                          SHA-512:C8FFBFA956E0DE5262E4D5F0626B671BD1657AF2B93D389054227CDE01F71B7CD7B28F1B6ED2415B91D5A09A52D00F75BDACE7961F101337F7CC621D0A93BC5A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16868
                                                                                                                                                                                                          Entropy (8bit):7.988590082697058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:E7908971C7F59401CEB35DB59CBADDED
                                                                                                                                                                                                          SHA1:EBC24DA66BC206A8FF7BE80C7C48AD942FBB4963
                                                                                                                                                                                                          SHA-256:0BF0605894B5660DAF656C950606F1FCFEBC480921F1BC09C5726AF08C1D16F4
                                                                                                                                                                                                          SHA-512:8DCD7F7A39578AEAE46B8C014C618D4FD97F560EC3037A839C13BD60717DCFEBF7BA456C287C5A6E041C1EE717079647B63579EF4B1170F0916C67A9FB1E3D8A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10885
                                                                                                                                                                                                          Entropy (8bit):7.9849728990314714
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          MD5:48E949CC88D14AE464758D092E0A146E
                                                                                                                                                                                                          SHA1:4B4EEA3A10F9FA773FA06BCFBB5BD5C767FC9840
                                                                                                                                                                                                          SHA-256:1D7B0513CC1AD2CB00BF3713EF896F7867A3A5D2700778870108700EA3ACA833
                                                                                                                                                                                                          SHA-512:FCB5D7819802660C0A073415B4636375D5F93F98BDEA786230A326556355B8B63FCB96A94117BC0A42890A842BFD718A8145CB5E51B11D0A25D3936A60CB6006
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):55892
                                                                                                                                                                                                          Entropy (8bit):5.023769121133634
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:04008A053E28A1E92EC9B281771D86AA
                                                                                                                                                                                                          SHA1:9BDD4A8CBCB7033272A2A91BAA520E6A2402AF00
                                                                                                                                                                                                          SHA-256:F34E60BFDD4757678FBB78B83DD4FB0E2999052565418D9DF056A38A95B0549C
                                                                                                                                                                                                          SHA-512:7EA35FA564E55AF0D3A0CC20E747778D8E115885756F3A78B1ACF66473044D9A30C0F4BD3EE0590EB40E2AD13B13E1720A90021EF2619F75D26C9E957FDAA1C0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<products>.. <product-defs>.. <product name="vps">.. <part-list>.. <part name="vps_windows" type="vps">.... <expand-symbol-alias>.. <src>%VPSPATH%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR32%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR64%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <condition>.. <or-list>.. <file-exists path="%SETUPPATH%\Vps64Reboot.txt" />.. <and-list>.. <or-list>.. <is-operation name="install" />.. <is-operation name="updateProgram" /
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9931880
                                                                                                                                                                                                          Entropy (8bit):7.909536392549001
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:C2626794E09A2197C5AC2FECC2F611A2
                                                                                                                                                                                                          SHA1:E1EC4AE41BBBA62DE63CEBEBD4B37DCED421E789
                                                                                                                                                                                                          SHA-256:64B255D3C9C3E0C244FF26A70351D873231495EB102DC6154C8BC9EA205B292A
                                                                                                                                                                                                          SHA-512:70609E6D758EAE7FE552AE609AA3894465D11EB7B0BD171BC74CC41FD41CF8C31B2B80A8D5A1B91942142B9C8B16F05796C68D0EE8E907BAC1BF2179950ED6DF
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                                                          Entropy (8bit):3.041625614369223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2033150B837C1E4FBA4C4D2A0E7040F2
                                                                                                                                                                                                          SHA1:5BACD60F7ACDAB34B10034572F927A2520998A56
                                                                                                                                                                                                          SHA-256:DB37A6F78ADD08326F209EB7CFD7B6182060247151C14F86EF0E2E67CF885A65
                                                                                                                                                                                                          SHA-512:21D9814A7815DBA23C5859C92C174A8B730436523151F7A44E456B790432DD2D9DF7497240285635CA89304FA699DE4DD4343884202783261ACB00C1BAD5D40F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:mmm_mrk_ppi_004_408_v
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18415
                                                                                                                                                                                                          Entropy (8bit):4.043868285184243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2B063D92663595DFE4781AE687A03D86
                                                                                                                                                                                                          SHA1:0FB582E756DBC751EA380593AC4DA27DDB4EBB06
                                                                                                                                                                                                          SHA-256:44C76290F7A2E45940E8338912FEB49BCF4E071CFA85D2D34762857743ACBC8D
                                                                                                                                                                                                          SHA-512:94C8FDA6173C7F5740F206190EDCD1F1F1C309596B710D400E23CD363A619D707A5D4576D4FE63AB7CB68947F009EFD29A1FBE04743A294698BF2AE17E92C214
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2980
                                                                                                                                                                                                          Entropy (8bit):6.163758160900388
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                                                                                                                                                          SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                                                                                                                                                          SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                                                                                                                                                          SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13234
                                                                                                                                                                                                          Entropy (8bit):5.125368352290407
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:E7DC9CA9474A13FA4529D91BCD2AB8CC
                                                                                                                                                                                                          SHA1:511F5DE8A99C09EC3766C5E2494A79EACCA261C8
                                                                                                                                                                                                          SHA-256:503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE
                                                                                                                                                                                                          SHA-512:77108E53CD58E42F847D8EF23A07723C4849DC41DBE1C3EF939B9170E75F525BEC9D210D6C1FBFEB330ECE2E77B8A8E2808730D9E6F72F5B3FE626D58B6068C6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z jej\f0\'edch afilac\'ed, v\~z\'e1vislosti na tom, kde bydl\'edte) a v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3333
                                                                                                                                                                                                          Entropy (8bit):5.370651462060085
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:16343005D29EC431891B02F048C7F581
                                                                                                                                                                                                          SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                                                                                                                                                          SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                                                                                                                                                          SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12392
                                                                                                                                                                                                          Entropy (8bit):5.192979871787938
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:2DDCA2866D76C850F68ACDFDB696D6DE
                                                                                                                                                                                                          SHA1:C5076F10B0F0654CDE2C990DEEB2772F3CC4844B
                                                                                                                                                                                                          SHA-256:28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
                                                                                                                                                                                                          SHA-512:E3A3693B92873E0B42007616FF6916304EDC5C4F2EEE3E9276F87E86DD94C2BF6E1CF4E895CDF9A1AA0CAC0B381B8840EEE1F491123E901DEE75638B8BC5CE1B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil Tahoma;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBEDINGUNGEN\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Diese Lizenzbestimmungen stellen eine Vereinbarung zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem ihrer Affiliate-Partner) dar. Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dcGEN SIE \'dcBER DIE NACHFOLGEND AUFGEF\'dcHRTEN RECHTE.\par....\pard{\pntext\f3\'B7\tab}{\*\pn\pnlvlblt\pnf3\pnindent360{\pntxtb\'B7}}\
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3379
                                                                                                                                                                                                          Entropy (8bit):5.094097800535488
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:561F3F32DB2453647D1992D4D932E872
                                                                                                                                                                                                          SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                                                                                                                                                          SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                                                                                                                                                          SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12349
                                                                                                                                                                                                          Entropy (8bit):5.108676965693909
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A6E352E5804313CCDE3E4D5DDDDE122D
                                                                                                                                                                                                          SHA1:834E3AAA07DC675589A9E5FCD23CE5586C2739E8
                                                                                                                                                                                                          SHA-256:5C13A65870D770D1642A4259EECB436257CA39016A0500F747BE9C79BE0C7009
                                                                                                                                                                                                          SHA-512:6578AC6467F61930BC1B20E404441725C63790C65AEC1ACE297429EAD15F50E68D5FE9CC1451AC86AE23DC1A7FE967650166293010D687785FB81FB4492B87C4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil\fcharset177 Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\ltrpar\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Les pr\'e9sentes conditions de licence constituent un contrat entre Microsoft Corporation (ou en fonction de votre lieu de r\'e9sidence, l\f1\rquote\f0 un de ses affili\'e9s) et vous. Ils s\f1\rquote\f0 appliquent au logiciel vis\'e9 ci-dessus. Les termes s\f1\rquote\f0 appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\f1\rquote\f0 autres termes n\f1\rquote\f0 accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT D
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3366
                                                                                                                                                                                                          Entropy (8bit):5.0912204406356905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                                                                                                                                                          SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                                                                                                                                                          SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                                                                                                                                                          SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11440
                                                                                                                                                                                                          Entropy (8bit):5.037988271709582
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BC58AD6ABB16B982AEBADC121B37E706
                                                                                                                                                                                                          SHA1:25E3E4127A643DB5DB2A0B62B02DE871359FAE42
                                                                                                                                                                                                          SHA-256:70ECF23C03B66A2B18E173332586AFA8F00F91E02A80628F4F9CB2521E27F6AC
                                                                                                                                                                                                          SHA-512:8340452CB5E196CB1D5DA6DBB3FA8872E519D7903A05331055370B4850D912674F0B6AF3D6E4F94248FE8135EB378EB36969821D711FE1624A04AF13BBE55D70
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..RUNTIME MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario. Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, tranne se accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3319
                                                                                                                                                                                                          Entropy (8bit):5.019774955491369
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D90BC60FA15299925986A52861B8E5D5
                                                                                                                                                                                                          SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                                                                                                                                                          SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                                                                                                                                                          SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30228
                                                                                                                                                                                                          Entropy (8bit):3.785116198512527
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:47C315C54B6F2078875119FA7A718499
                                                                                                                                                                                                          SHA1:F650DDB5DF2AF2EE7555C410D034B37B9DFD055B
                                                                                                                                                                                                          SHA-256:C3061A334BFD5F02B7085F8F454D5D3D97D477AF14BAB497BF31A7887BC90C5B
                                                                                                                                                                                                          SHA-512:A0E4B0FCCCFDD93BAF133C2080403E8719E4A6984237F751BD883C0D3C52D818EFD00F8BA7726A2F645F66286305599403470F14D39EEDC526DDE59228A5F261
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3959
                                                                                                                                                                                                          Entropy (8bit):5.955167044943003
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                                                                                                                                                          SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                                                                                                                                                          SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                                                                                                                                                          SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28393
                                                                                                                                                                                                          Entropy (8bit):3.874126830110936
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:641D926354F001034CF3F2F3B0FF33DC
                                                                                                                                                                                                          SHA1:5505107FFF6CF279769A82510276F61EA18637AE
                                                                                                                                                                                                          SHA-256:3D4E9C165CBEAB829D608106F0E96450F839FFA8ADBD755F0B51867E89DA2AE0
                                                                                                                                                                                                          SHA-512:B0339664434B096ABC26D600F7657919EF3689B4E0FDFD4EDD8E479859A51EF51BE8F05FA43E25567FFD6C1C2BCC6EF0D7A857B6D666D264C7783BAD3A383D0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3249
                                                                                                                                                                                                          Entropy (8bit):5.985100495461761
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:B3399648C2F30930487F20B50378CEC1
                                                                                                                                                                                                          SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                                                                                                                                                          SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                                                                                                                                                          SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13352
                                                                                                                                                                                                          Entropy (8bit):5.359561719031494
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:F140FD8CA2C63A861D04310257C1B1DB
                                                                                                                                                                                                          SHA1:7BF7EF763A1F80ECACA692908F8F0790A88C3CA1
                                                                                                                                                                                                          SHA-256:6F94A99072061012C5626A6DD069809EC841D6E3102B48394D522A0C2E3AA2B5
                                                                                                                                                                                                          SHA-512:A0BD65AF13CC11E41E5021DF0399E5D21B340EF6C9BBE9B1B56A1766F609CEB031F550A7A0439264B10D67A76A6403E41ABA49B3C9E347CAEDFE9AF0C5BE1EE6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA MICROSOFT\par..\f0 MICROSOFT VISUAL C++ \f1\'8cRODOWISKO URUCHOMIENIOWE 2015-2022 \par..\b0\f0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a Licencjobiorc\f1\'b9. Postanowienia te dotycz\'b9 oprogramowania okre\'9clonego powy\'bfej. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym tow
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3212
                                                                                                                                                                                                          Entropy (8bit):5.268378763359481
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                                                                                                                                                          SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                                                                                                                                                          SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                                                                                                                                                          SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10956
                                                                                                                                                                                                          Entropy (8bit):5.086757849952268
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9A8D2ACF07F3C01E5CBC461AB932D85B
                                                                                                                                                                                                          SHA1:8781A298DCC14C18C6F6DB58B64F50B2FC6E338E
                                                                                                                                                                                                          SHA-256:27891EEC899BE859E3B4D3B29247FC6B535D7E836DEF0329111C48741EC6E701
                                                                                                                                                                                                          SHA-512:A60262A0C18E3BEF7C6D52F242153EBE891F676ED639F2DACFEBBAC86E70EEBF58AA95A7FE1A16E15A553C1BD3ECACCD8677EB9D2761CB79CB9A342C9B4252E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..TEMPO DE EXECU\'c7\'c3O DO MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Os presentes termos de licen\'e7a constituem um contrato firmado entre a Microsoft Corporation (ou, dependendo do local no qual voc\'ea esteja domiciliado, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pn
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3095
                                                                                                                                                                                                          Entropy (8bit):5.150868216959352
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                                                                                                                                                          SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                                                                                                                                                          SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                                                                                                                                                          SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31981
                                                                                                                                                                                                          Entropy (8bit):3.6408688850128446
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:62229BE4447C349DF353C5D56372D64B
                                                                                                                                                                                                          SHA1:989799ED24913A0E6AE2546EE2A9A8D556E1CB3B
                                                                                                                                                                                                          SHA-256:1BB3FB55B8A13FA3BAFFFE72F5B1ED8B57A63BD4D8654BB6DC5B9011CE803B44
                                                                                                                                                                                                          SHA-512:FA366328C3FD4F683FDB1C5A64F5D554DE79620331086E8B4CCC2BFC2595B1FDED02CEC8AA982FCD8B13CC175D222AF2D7E2CD1A33B52F36AFD692B533FDBF13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4150
                                                                                                                                                                                                          Entropy (8bit):5.444436038992627
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:17C652452E5EE930A7F1E5E312C17324
                                                                                                                                                                                                          SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                                                                                                                                                          SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                                                                                                                                                          SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13807
                                                                                                                                                                                                          Entropy (8bit):5.2077828423114045
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9625F3A496DBF5E3E0D2F33D417EDBBF
                                                                                                                                                                                                          SHA1:119376730428812A31B70D58C873866D5307A775
                                                                                                                                                                                                          SHA-256:F80926604E503697247353F56856B31DE0B3FC1319F1C94068363952549CC9B1
                                                                                                                                                                                                          SHA-512:DB91A14FC27E3A62324E024DD44E3B5548AF7E1C021201C3D851BD2F32537885AACFC64ADAE619BAC31B60229D1D5FC653F5301CD7187C69BD0ACECCE817D6A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3221
                                                                                                                                                                                                          Entropy (8bit):5.280530692056262
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                                                                                                                                                          SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                                                                                                                                                          SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                                                                                                                                                          SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18214
                                                                                                                                                                                                          Entropy (8bit):3.9837154113926356
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D083C7E300928A0C5AEA5ECBD1653836
                                                                                                                                                                                                          SHA1:08F4F1F9F7DFA593BE3977515635967CE7A99E7A
                                                                                                                                                                                                          SHA-256:A808B4933CE3B3E0893504DBEF43EBF90B8B567F94BD6481B6315ED9141E1B11
                                                                                                                                                                                                          SHA-512:8CB3FFAD879BABA36137B7A21B62D9D6C530693F5E16FBB975F3E7C20F1DB5A686F3A6EE406D69B018AA494E4CD185F71B369A378AE3289B8080105157E63FD0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2978
                                                                                                                                                                                                          Entropy (8bit):6.135205733555905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3D1E15DEEACE801322E222969A574F17
                                                                                                                                                                                                          SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                                                                                                                                                          SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                                                                                                                                                          SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10825
                                                                                                                                                                                                          Entropy (8bit):5.1113252296046126
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:873A413D23F830D3E87DAB3B94153E08
                                                                                                                                                                                                          SHA1:24CFC24F22CEF89818718A86F55F27606EB42668
                                                                                                                                                                                                          SHA-256:ABC11BB2B04DFF6AFE2D4D4F40D95A7D62E5AF352928AF90DAA3DADE58DD59BD
                                                                                                                                                                                                          SHA-512:DC1ECCB5CC4D3047401E2BC31F5EB3E21C7881C02744A2E63C10D3C911D1158DCFAC023988E873C33DC381C989304FE1D3CB27ED99D7801285C4C378553CD821
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Los t\'e9rminos de esta licencia son un contrato entre Microsoft Corporation (o, en funci\'f3n de donde viva, una de las sociedades del grupo) y usted. Se aplican al software mencionado anteriormente. Los t\'e9rminos tambi\'e9n se aplican a los servicios o actualizaciones de software de Microsoft, excepto en la medida en que sus t\'e9rminos sean diferentes.\par..\b SI USTED CUMPLE LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE A CONTINUACI\'d3N SE DESCRIBEN.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb1
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3265
                                                                                                                                                                                                          Entropy (8bit):5.0491645049584655
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                                                                                                                                                          SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                                                                                                                                                          SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                                                                                                                                                          SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (558), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12906
                                                                                                                                                                                                          Entropy (8bit):3.7237107259370177
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:055DD6CC2667D43E89368B6672E378C9
                                                                                                                                                                                                          SHA1:E4278D0440C2069F11735EE0AEECD9B576CB010C
                                                                                                                                                                                                          SHA-256:88EFFBF5C9EEB280C03FC8E39FDD685F91F0B95842F36FDE55DB5B759C35D68D
                                                                                                                                                                                                          SHA-512:1084EAC05F0931A7C6CA95A9AF44DE7E591DF17367AB58871B80D9C52E7208596B27F203C30EAF42DDD1913B4DC927B969CBE798CA4BA46D383A3DC427C7EB01
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="VersionNT &gt;= v6.1" Message="[WixBundleName] can only be installed on Windows 7 and newer platforms." />..  <WixBundleProperties DisplayName="Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135" LogPathVariable="WixBundleLog" Compressed="yes" Id="{46c3b171-c15c-4137-8e1d-67eeb2985b44}" UpgradeCode="{F899B
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9235
                                                                                                                                                                                                          Entropy (8bit):5.167332119309966
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:04B33F0A9081C10E85D0E495A1294F83
                                                                                                                                                                                                          SHA1:1EFE2FB2D014A731B752672745F9FFECDD716412
                                                                                                                                                                                                          SHA-256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
                                                                                                                                                                                                          SHA-512:D1DBED00DF921169DD61501E2A3E95E6D7807348B188BE9DD8FC63423501E4D848ECE19AC466C3CACFCCC6084E0EB2F457DC957990F6F511DF10FD426E432685
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\f
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1861
                                                                                                                                                                                                          Entropy (8bit):6.868587546770907
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D6BD210F227442B3362493D046CEA233
                                                                                                                                                                                                          SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                                                                                                                                                          SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                                                                                                                                                          SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2952
                                                                                                                                                                                                          Entropy (8bit):5.052095286906672
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                                                                                                                                                          SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                                                                                                                                                          SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                                                                                                                                                          SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8332
                                                                                                                                                                                                          Entropy (8bit):5.184632608060528
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:F62729C6D2540015E072514226C121C7
                                                                                                                                                                                                          SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                                                                                                                                                          SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                                                                                                                                                          SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):195600
                                                                                                                                                                                                          Entropy (8bit):6.682530937585544
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                                                                                                                                                          SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                                                                                                                                                          SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                                                                                                                                                          SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):650080
                                                                                                                                                                                                          Entropy (8bit):7.2212720110363735
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          SHA1:41EDD6321965D48E11ECDED3852EB32E3C13848D
                                                                                                                                                                                                          SHA-256:D4C6F5C74BBB45C4F33D9CB7DDCE47226EA0A5AB90B8FF3F420B63A55C3F6DD2
                                                                                                                                                                                                          SHA-512:D85AC030EBB3BA4412E69B5693406FE87E46696CA2A926EF75B6F6438E16B0C7ED1342363098530CDCEB4DB8E50614F33F972F7995E4222313FCEF036887D0F0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 824123 bytes, 11 files, at 0x44 +A "concrt140.dll_x86" +A "msvcp140.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 62 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):834339
                                                                                                                                                                                                          Entropy (8bit):7.997653805266825
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A57EFC0AFFFDF914CBC76BB882CAD37E
                                                                                                                                                                                                          SHA1:732DBEF27C49C27D9F1C00EBA177EABC21650FB8
                                                                                                                                                                                                          SHA-256:C384DA7CC6EAD2CE054A67FDED26D7E4CFF2F981A83C64DE62E53864665E5F45
                                                                                                                                                                                                          SHA-512:AD2CFC0FD199FE2726FD18C0A5972185E8331FE49807CA6340212901DD61D30853E2C72015EE9BAC0425E287EF488190A245676173194FAFBF8F6FC7FBF9BABA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 5167260 bytes, 14 files, at 0x44 +A "mfc140.dll_x86" +A "mfc140chs.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 323 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5177492
                                                                                                                                                                                                          Entropy (8bit):7.997816222199811
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:4A17E4DA145FA1EA92A52266221AD628
                                                                                                                                                                                                          SHA1:F6304DE9D73609F6B9717D6A4D44EFD7AB7FFE9E
                                                                                                                                                                                                          SHA-256:9544ABBD46B39BEC491CF63076FB109306E519F303DF9CD583A28956172BF038
                                                                                                                                                                                                          SHA-512:DE9A6A1391070A9470F78208FF74120CFFD2A1E2580AF4ADD87914BA6DD27E07B092E66CAA847726E05EB5FAE0C1252681DE37F34B560D4D95F3B76F3599E16C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.383378429526644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                                                                                                                          SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                                                                                                                          SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                                                                                                                          SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):184320
                                                                                                                                                                                                          Entropy (8bit):6.37750026266588
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                                                                                                                          SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                                                                                                                          SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                                                                                                                          SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):650080
                                                                                                                                                                                                          Entropy (8bit):7.2212720110363735
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          SHA1:41EDD6321965D48E11ECDED3852EB32E3C13848D
                                                                                                                                                                                                          SHA-256:D4C6F5C74BBB45C4F33D9CB7DDCE47226EA0A5AB90B8FF3F420B63A55C3F6DD2
                                                                                                                                                                                                          SHA-512:D85AC030EBB3BA4412E69B5693406FE87E46696CA2A926EF75B6F6438E16B0C7ED1342363098530CDCEB4DB8E50614F33F972F7995E4222313FCEF036887D0F0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.5274291266293867
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D9E6794DBA5469D475423A406B7FCCCE
                                                                                                                                                                                                          SHA1:E86BD28CBA3FA8D87C78CADC1F4A00623266FB4F
                                                                                                                                                                                                          SHA-256:7F3A59D143BDDD4B0D048FE1FBDD66E577CD18E3F5C02638FABA5C4FD150C74B
                                                                                                                                                                                                          SHA-512:50EBAF0B6286C8B4FE6E56BDE358C288ADB977128273E6415CF44E5C9360547AEB88C9577F3DC62BF7B753BC340B812983709C4F304D31163F8F14DB57BA534D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.2234966367989113
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5541AB424A9AF5606AD27C4BEB42F24D
                                                                                                                                                                                                          SHA1:EE0B8D30D8EE1E43834A91DAE9DBA04DB4F8CBF1
                                                                                                                                                                                                          SHA-256:D882A6C738F7226909561A3CE38553DBBBF938478CBFCC11C4D9FE05EAC9D6E1
                                                                                                                                                                                                          SHA-512:0A3F89E1A09DC31452F8DA7376C86C173CD7DADBFCD6B324E30356D5D52E673B229208EDA84C2E90CD3CCA9024F03CF5FF51031DFB6E71549CEA637EB4E2C437
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.226767888620065
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:251253A0174252637A4C25F5ADD53FD5
                                                                                                                                                                                                          SHA1:E58DD77C3B4633E1861BA567254A65C67838486C
                                                                                                                                                                                                          SHA-256:F406B763391E24A7EABBBF0A099513A4E38B4DAC2C8A0A0D8ED5332270F5E86A
                                                                                                                                                                                                          SHA-512:C5FE1F7A675FE959C7CDA237A6FFAA053CB13349C724A3B7F2CA4A45FFFC89EB6ECDED98D336537B325B8B0D7BF5ADB228C70A5DE9E1FA14D12E8AF173576463
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.226767888620065
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:251253A0174252637A4C25F5ADD53FD5
                                                                                                                                                                                                          SHA1:E58DD77C3B4633E1861BA567254A65C67838486C
                                                                                                                                                                                                          SHA-256:F406B763391E24A7EABBBF0A099513A4E38B4DAC2C8A0A0D8ED5332270F5E86A
                                                                                                                                                                                                          SHA-512:C5FE1F7A675FE959C7CDA237A6FFAA053CB13349C724A3B7F2CA4A45FFFC89EB6ECDED98D336537B325B8B0D7BF5ADB228C70A5DE9E1FA14D12E8AF173576463
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.10342421288411675
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:AC1E65CEBD254CE1869F3A2EE4A96806
                                                                                                                                                                                                          SHA1:C3F1FDEAB639D744A0F5DF02391ECA507548D98F
                                                                                                                                                                                                          SHA-256:81F96E1A5954840850864FC0C676B2B82C96E85DDDA7D57E770863B54DA97190
                                                                                                                                                                                                          SHA-512:2A7CD51AA2E1376E9CDC7211A902FFA4833391AE75B86CBAA40EF217A6609389519B0851637D8C7F752F9714F245CE94874E860B169933ED8BBD0790761B1E70
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.5315712556143517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:26CEF42446593D466AB69CE0241B639D
                                                                                                                                                                                                          SHA1:84DDB07D4CBE7F8BA79610D9C7BAC8ECDD2B7A16
                                                                                                                                                                                                          SHA-256:B3CD2DC0FB7EBDE65E9F102FE5912DE0AD953E2DE27C4E7CB3A54E083820F4CD
                                                                                                                                                                                                          SHA-512:55B92CEA2A51C1EEFDAD5C36B1CACFC5C33FFB8D4CC86305814A3F98AB7426CC9FB6494AD2FE83045681D0E7B3EFB8A735D47FABF7DFAE169964D2B2E4E185C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):69632
                                                                                                                                                                                                          Entropy (8bit):0.12983999988695932
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:9CF48F8B3D4E07900A21A332351D3779
                                                                                                                                                                                                          SHA1:DCF7BE18022F08C3B06E4EF75A28660DFFD0B452
                                                                                                                                                                                                          SHA-256:AB42961DC784BE914825DA8012EA61E3BA06343B6A48490EBD3644037FB61D38
                                                                                                                                                                                                          SHA-512:D7896B96FD55F5B453E1A62F247BC421F49A215E3BEB031C497DA4C451AD1F4CF1AC62FB44E67AD303679514EB647E8DDCE9D35C3EB50E49049C540A00E17485
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.5315712556143517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:26CEF42446593D466AB69CE0241B639D
                                                                                                                                                                                                          SHA1:84DDB07D4CBE7F8BA79610D9C7BAC8ECDD2B7A16
                                                                                                                                                                                                          SHA-256:B3CD2DC0FB7EBDE65E9F102FE5912DE0AD953E2DE27C4E7CB3A54E083820F4CD
                                                                                                                                                                                                          SHA-512:55B92CEA2A51C1EEFDAD5C36B1CACFC5C33FFB8D4CC86305814A3F98AB7426CC9FB6494AD2FE83045681D0E7B3EFB8A735D47FABF7DFAE169964D2B2E4E185C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.226767888620065
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:251253A0174252637A4C25F5ADD53FD5
                                                                                                                                                                                                          SHA1:E58DD77C3B4633E1861BA567254A65C67838486C
                                                                                                                                                                                                          SHA-256:F406B763391E24A7EABBBF0A099513A4E38B4DAC2C8A0A0D8ED5332270F5E86A
                                                                                                                                                                                                          SHA-512:C5FE1F7A675FE959C7CDA237A6FFAA053CB13349C724A3B7F2CA4A45FFFC89EB6ECDED98D336537B325B8B0D7BF5ADB228C70A5DE9E1FA14D12E8AF173576463
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.10228607613592977
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:12136771E7AE5475D9727073E913D132
                                                                                                                                                                                                          SHA1:52D2C21EF17DD136BF1B02ECC77E28B9B4885F4D
                                                                                                                                                                                                          SHA-256:D0778B596993353D383111C37114D8D0950ED0A38242594C08D1BDF91F259C67
                                                                                                                                                                                                          SHA-512:B4F4F8F1CC2A6FEEE075EA177DE53D0C1088EF5696EF347CA4B39D7B15D1206BBC7D1E754526F7B1DB99538FC3939068D42D71BC95503EDA9A395FA763BCD8D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.5274291266293867
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:D9E6794DBA5469D475423A406B7FCCCE
                                                                                                                                                                                                          SHA1:E86BD28CBA3FA8D87C78CADC1F4A00623266FB4F
                                                                                                                                                                                                          SHA-256:7F3A59D143BDDD4B0D048FE1FBDD66E577CD18E3F5C02638FABA5C4FD150C74B
                                                                                                                                                                                                          SHA-512:50EBAF0B6286C8B4FE6E56BDE358C288ADB977128273E6415CF44E5C9360547AEB88C9577F3DC62BF7B753BC340B812983709C4F304D31163F8F14DB57BA534D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):69632
                                                                                                                                                                                                          Entropy (8bit):0.1279287174840041
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:13C74DFEA0553EE7D813010850783D9D
                                                                                                                                                                                                          SHA1:CADA54426AEC1CD5FC30EDA77B736419E3166F1B
                                                                                                                                                                                                          SHA-256:B4191FB3409BB910D349C50FC59AC8F503FB1A0F39106B172FA5662D647C8683
                                                                                                                                                                                                          SHA-512:5D329EDADE934B8DDDD03555FA1E1C31C33C60D912F36F69720F1FBC6E10ABBD70BAF5424A4BCC5084FF2C985547C631617271D06C18FA730478E35236C511FF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.2234966367989113
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5541AB424A9AF5606AD27C4BEB42F24D
                                                                                                                                                                                                          SHA1:EE0B8D30D8EE1E43834A91DAE9DBA04DB4F8CBF1
                                                                                                                                                                                                          SHA-256:D882A6C738F7226909561A3CE38553DBBBF938478CBFCC11C4D9FE05EAC9D6E1
                                                                                                                                                                                                          SHA-512:0A3F89E1A09DC31452F8DA7376C86C173CD7DADBFCD6B324E30356D5D52E673B229208EDA84C2E90CD3CCA9024F03CF5FF51031DFB6E71549CEA637EB4E2C437
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.2234966367989113
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:5541AB424A9AF5606AD27C4BEB42F24D
                                                                                                                                                                                                          SHA1:EE0B8D30D8EE1E43834A91DAE9DBA04DB4F8CBF1
                                                                                                                                                                                                          SHA-256:D882A6C738F7226909561A3CE38553DBBBF938478CBFCC11C4D9FE05EAC9D6E1
                                                                                                                                                                                                          SHA-512:0A3F89E1A09DC31452F8DA7376C86C173CD7DADBFCD6B324E30356D5D52E673B229208EDA84C2E90CD3CCA9024F03CF5FF51031DFB6E71549CEA637EB4E2C437
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5816
                                                                                                                                                                                                          Entropy (8bit):3.6937539352013897
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                          MD5:93728BE86ACFB8F4F6671A3D3C4C7692
                                                                                                                                                                                                          SHA1:D62D0BDD419D6F5BB951385D961E561C744683E7
                                                                                                                                                                                                          SHA-256:BD574BF8BE71B37E8A7FAB0FF33806EB22BD881A729828FCC462EFE73556EE30
                                                                                                                                                                                                          SHA-512:23A01011AD9039EF02FB6B9E60671CCC5C3D06B8C9545E9EBF8CFFE2E75CFC705C972BD1D3DBE4FFA49502DEDB99D4EB0C068B7D8AC54F011AAF7664AB291A4E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                          Preview:........:Installer message:..... .......:Installer message:......... .......:Installer message:.....d...@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Installer message:.........direct_unpacking................@.......:Ins
                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):6.789397310391007
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 98.81%
                                                                                                                                                                                                          • Windows ActiveX control (116523/4) 1.15%
                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                          File name:SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          File size:7'758'000 bytes
                                                                                                                                                                                                          MD5:ac5ffc6e945471ce5e631f5fa8853d5a
                                                                                                                                                                                                          SHA1:78f51682ec3d075aa90f49fe934ec77680d1e37a
                                                                                                                                                                                                          SHA256:5a5a8ea05ccbc2cf33b2ffa7b09a725cabfa86bac080458f4f80a572bae83aec
                                                                                                                                                                                                          SHA512:7e3ca0bdcbb45714765931df34f94fc66df83292c6b77f1681203130f393abcd31ff77c36df887bd78d1317daac7b80308f46916608bd076d37da9066dbae45e
                                                                                                                                                                                                          SSDEEP:196608:G8W5qsNKXzWYMk1xL4uNTxbY09a7bK5jK2e:G8WgsLYMk1d4kFY7mE
                                                                                                                                                                                                          TLSH:36767C107685C522D2B141B0DD69EBAB43797D2D6FF284EBB1841BED24312D33932B6E
                                                                                                                                                                                                          File Content Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........\B..=,..=,..=,..V/..=,..V).$=,..R...=,..H(..=,..H/..=,..H)..=,..a...=,..V(..=,..V*..=,..=,..=,.0H)..<,..V-..=,..=-.2?,.0H(..<,
                                                                                                                                                                                                          Icon Hash:0f33d470d054130e
                                                                                                                                                                                                          Entrypoint:0x803442
                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                          Time Stamp:0x66B22CFF [Tue Aug 6 14:02:39 2024 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                          Import Hash:b54086d871acfbc137fab65ba145f30d
                                                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                                                          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                          Error Number:0
Not Before: 18/10/2023 14:27:26
Not After: 18/10/2024 14:27:26
Subject Chain
• E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET="ПЕР. ДОЛОМАНОВСКИЙ, Д.70 К.Д, КВ.1(10 ЭТАЖ)", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                          Thumbprint MD5:5DF9B3CAFBB5C968D29FEBDE05012587
                                                                                                                                                                                                          Thumbprint SHA-1:5D3831FCE274BD4312AFCB10BEDF5D55671DB13F
                                                                                                                                                                                                          Thumbprint SHA-256:4AEC7C4E777911957901C717B4F2CA2FF01F4C5C301292E69001F38D208E389B
                                                                                                                                                                                                          Serial:7F16E036277B43F3E58C3CA8
                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                          call 00007F8F48D88DBEh
                                                                                                                                                                                                          jmp 00007F8F48D87BDFh
                                                                                                                                                                                                          jmp 00007F8F48A23984h
                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                          jmp 00007F8F48D87590h
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          push edi
                                                                                                                                                                                                          push esi
                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                          xor edi, edi
                                                                                                                                                                                                          mov eax, dword ptr [esp+14h]
                                                                                                                                                                                                          or eax, eax
                                                                                                                                                                                                          jnl 00007F8F48D87D76h
                                                                                                                                                                                                          inc edi
                                                                                                                                                                                                          mov edx, dword ptr [esp+10h]
                                                                                                                                                                                                          neg eax
                                                                                                                                                                                                          neg edx
                                                                                                                                                                                                          sbb eax, 00000000h
                                                                                                                                                                                                          mov dword ptr [esp+14h], eax
                                                                                                                                                                                                          mov dword ptr [esp+10h], edx
                                                                                                                                                                                                          mov eax, dword ptr [esp+1Ch]
                                                                                                                                                                                                          or eax, eax
                                                                                                                                                                                                          jnl 00007F8F48D87D76h
                                                                                                                                                                                                          inc edi
                                                                                                                                                                                                          mov edx, dword ptr [esp+18h]
                                                                                                                                                                                                          neg eax
                                                                                                                                                                                                          neg edx
                                                                                                                                                                                                          sbb eax, 00000000h
                                                                                                                                                                                                          mov dword ptr [esp+1Ch], eax
                                                                                                                                                                                                          mov dword ptr [esp+18h], edx
                                                                                                                                                                                                          or eax, eax
                                                                                                                                                                                                          jne 00007F8F48D87D7Ah
                                                                                                                                                                                                          mov ecx, dword ptr [esp+18h]
                                                                                                                                                                                                          mov eax, dword ptr [esp+14h]
                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                          div ecx
                                                                                                                                                                                                          mov ebx, eax
                                                                                                                                                                                                          mov eax, dword ptr [esp+10h]
                                                                                                                                                                                                          div ecx
                                                                                                                                                                                                          mov edx, ebx
                                                                                                                                                                                                          jmp 00007F8F48D87DA3h
                                                                                                                                                                                                          mov ebx, eax
                                                                                                                                                                                                          mov ecx, dword ptr [esp+18h]
                                                                                                                                                                                                          mov edx, dword ptr [esp+14h]
                                                                                                                                                                                                          mov eax, dword ptr [esp+10h]
                                                                                                                                                                                                          shr ebx, 1
                                                                                                                                                                                                          rcr ecx, 1
                                                                                                                                                                                                          shr edx, 1
                                                                                                                                                                                                          rcr eax, 1
                                                                                                                                                                                                          or ebx, ebx
                                                                                                                                                                                                          jne 00007F8F48D87D56h
                                                                                                                                                                                                          div ecx
                                                                                                                                                                                                          mov esi, eax
                                                                                                                                                                                                          mul dword ptr [esp+1Ch]
                                                                                                                                                                                                          mov ecx, eax
                                                                                                                                                                                                          mov eax, dword ptr [esp+18h]
                                                                                                                                                                                                          mul esi
                                                                                                                                                                                                          add edx, ecx
                                                                                                                                                                                                          jc 00007F8F48D87D70h
                                                                                                                                                                                                          cmp edx, dword ptr [esp+14h]
                                                                                                                                                                                                          jnbe 00007F8F48D87D6Ah
                                                                                                                                                                                                          jc 00007F8F48D87D69h
                                                                                                                                                                                                          cmp eax, dword ptr [esp+10h]
                                                                                                                                                                                                          jbe 00007F8F48D87D63h
                                                                                                                                                                                                          dec esi
                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                                          dec edi
                                                                                                                                                                                                          jne 00007F8F48D87D69h
                                                                                                                                                                                                          neg edx
                                                                                                                                                                                                          neg eax
                                                                                                                                                                                                          sbb edx, 00000000h
                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                          retn 0010h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6594f4 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaab000 | 0x96438 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x763600 | 0x2ab0 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb42000 | 0x580f8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5f5510 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5f5600 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5f5530 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x48d000 | 0x9c8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x48b35c | 0x48b400 | 04156e6772278d3e5901876325aefced | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x48d000 | 0x1cfb74 | 0x1cfc00 | 7f823e52eec350526a7727da50d59602 | False | 0.2336516593665768 | data | 5.744142194494479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x65d000 | 0x44d348 | 0x19a00 | e3c37eb00a74283a748f75070e589fdb | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xaab000 | 0x96438 | 0x96600 | c40e8dcc1ece05d0ab97939158296d7e | False | 0.8235125077930174 | data | 7.7746653259075345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb42000 | 0x580f8 | 0x58200 | f57d83129dd3f3f2d51680807dc5605a | False | 0.4577543218085106 | data | 6.591185200866143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| DISTR | 0xb1f440 | 0x9457 | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0005529953917052 |
| DISTR | 0xb31088 | 0x26eb | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0011040851149253 |
| DISTR | 0xb33778 | 0xd9e6 | Zip archive data, at least v2.0 to extract, compression method=deflate | English | United States | 1.0004661001756838 |
| DISTR | 0xadb598 | 0x43ea1 | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0003091556814545 |
| DISTR | 0xb28898 | 0x87eb | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0006035349906597 |
| MOFILE | 0xabf768 | 0x18b2 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_be.po (DriverHub) #-#-#-#-# '\320\237\321\200\321\213\320\275\321\217\321\206\321\214' | English | United States | 0.44305599493831066 |
| MOFILE | 0xac1020 | 0x1317 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_cs.po (DriverHub) #-#-#-#-# 'P\305\231ijmout' | English | United States | 0.49478207489257214 |
| MOFILE | 0xac2338 | 0x1295 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_da.po (DriverHub) #-#-#-#-# 'Accepter' | English | United States | 0.47256674374605845 |
| MOFILE | 0xac35d0 | 0x1392 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_de.po (DriverHub) #-#-#-#-# 'Annehmen' | English | United States | 0.4754491017964072 |
| MOFILE | 0xabf5d8 | 0x18d | GNU message catalog (little endian), revision 0.0, 1 message, #-#-#-#-# DriverHub_en.po (DriverHub) #-#-#-#-# | English | United States | 0.48614609571788414 |
| MOFILE | 0xac4968 | 0x1353 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_es.po (DriverHub) #-#-#-#-# 'Aceptar' | English | United States | 0.46654538103901355 |
| MOFILE | 0xac5cc0 | 0x126c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_fi.po (DriverHub) #-#-#-#-# 'Hyv\303\244ksy' | English | United States | 0.48876166242578456 |
| MOFILE | 0xac6f30 | 0x1362 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_fr.po (DriverHub) #-#-#-#-# 'Accepter' | English | United States | 0.4703748488512696 |
| MOFILE | 0xac8298 | 0x137c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_hu.po (DriverHub) #-#-#-#-# 'Elfogad\303\241s' | English | United States | 0.49358460304731355 |
| MOFILE | 0xac9618 | 0x134c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_it.po (DriverHub) #-#-#-#-# 'Accetta' | English | United States | 0.4645748987854251 |
| MOFILE | 0xaca968 | 0x15e7 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_ja.po (DriverHub) #-#-#-#-# '\346\211\277\350\252\215' | English | United States | 0.4701266274299982 |
| MOFILE | 0xacd2c8 | 0x1861 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_kk.po (DriverHub) #-#-#-#-# '\322\232\320\260\320\261\321\213\320\273\320\264\320\260\321\203' | English | United States | 0.42941836244191633 |
| MOFILE | 0xacbf50 | 0x1375 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_ko.po (DriverHub) #-#-#-#-# '\353\217\231\354\235\230' | English | United States | 0.49809275245934553 |
| MOFILE | 0xaceb30 | 0x12a1 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_nb.po (DriverHub) #-#-#-#-# 'Akspetere' | English | United States | 0.4835395261061019 |
| MOFILE | 0xacfdd8 | 0x130e | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_nl.po (DriverHub) #-#-#-#-# 'Accepteren' | English | United States | 0.4665846658466585 |
| MOFILE | 0xad10e8 | 0x13af | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_pl.po (DriverHub) #-#-#-#-# 'Akceptuj' | English | United States | 0.4943441158960111 |
| MOFILE | 0xad2498 | 0x131d | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_pt.po (DriverHub) #-#-#-#-# 'Aceitar' | English | United States | 0.47087676272225626 |
| MOFILE | 0xad37b8 | 0x1763 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_ru.po (DriverHub) #-#-#-#-# '\320\237\321\200\320\270\320\275\321\217\321\202\321\214' | English | United States | 0.4346083180223818 |
| MOFILE | 0xad4f20 | 0x13c3 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_sk.po (DriverHub) #-#-#-#-# 'Prija\305\245' | English | United States | 0.49100612769322 |
| MOFILE | 0xad62e8 | 0x12d2 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_sv.po (DriverHub) #-#-#-#-# 'Acceptera' | English | United States | 0.46824408468244083 |
| MOFILE | 0xad75c0 | 0x12f7 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_tr.po (DriverHub) #-#-#-#-# 'Kabul Et' | English | United States | 0.4920700308959835 |
| MOFILE | 0xad88b8 | 0x1891 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_uk.po (DriverHub) #-#-#-#-# '\320\237\321\200\320\270\320\271\320\275\321\217\321\202\320\270' | English | United States | 0.43536333280330736 |
| MOFILE | 0xada150 | 0x113c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_zh.po (DriverHub) #-#-#-#-# '\346\216\245\345\217\227' | English | United States | 0.5475974614687217 |
| RT_ICON | 0xaabcb0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.8085106382978723 |
| RT_ICON | 0xaac118 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.6893442622950819 |
| RT_ICON | 0xaacaa0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.5968574108818011 |
| RT_ICON | 0xaadb48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.4358921161825726 |
| RT_ICON | 0xab00f0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.3530940009447331 |
| RT_ICON | 0xab4318 | 0x7bfc | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0005040957781979 |
| RT_RCDATA | 0xabc5b8 | 0x104 | PNG image data, 7 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0076923076923077 |
| RT_RCDATA | 0xabc4f8 | 0xbc | PNG image data, 14 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9893617021276596 |
| RT_RCDATA | 0xabc000 | 0x113 | PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced | English | United States | 1.018181818181818 |
| RT_RCDATA | 0xabc118 | 0x3db | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 0.6524822695035462 |
| RT_RCDATA | 0xabc6c0 | 0x136 | PNG image data, 14 x 9, 8-bit/color RGBA, non-interlaced | English | United States | 1.0225806451612902 |
| RT_RCDATA | 0xabbf78 | 0x87 | PNG image data, 12 x 2, 8-bit/color RGBA, non-interlaced | English | United States | 0.9777777777777777 |
| RT_RCDATA | 0xabc7f8 | 0x21ff | PNG image data, 114 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.001263931977479 |
| RT_RCDATA | 0xabe9f8 | 0xbda | PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085 |
| RT_GROUP_ICON | 0xabbf18 | 0x5a | data | English | United States | 0.7777777777777778 |
| RT_VERSION | 0xadb290 | 0x308 | data | English | United States | 0.4536082474226804 |
| RT_MANIFEST | 0xb41160 | 0x2d4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4972375690607735 |

| DLL | Import |
|---|---|
| bcrypt.dll | BCryptCreateHash, BCryptFinishHash, BCryptEncrypt, BCryptCloseAlgorithmProvider, BCryptHashData, BCryptOpenAlgorithmProvider, BCryptDestroyHash, BCryptGenRandom, BCryptDestroyKey, BCryptDeriveKeyPBKDF2, BCryptSetProperty, BCryptGetProperty, BCryptGenerateSymmetricKey |
| WINHTTP.dll | WinHttpReceiveResponse, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpSendRequest, WinHttpSetOption, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpConnect, WinHttpCloseHandle, WinHttpOpen |
| KERNEL32.dll | WaitForSingleObjectEx, GetFileInformationByHandleEx, AreFileApisANSI, SetFileInformationByHandle, SetEndOfFile, GetFullPathNameW, FindFirstFileExW, CreateDirectoryW, GetCurrentDirectoryW, FormatMessageA, GetStringTypeW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, InitializeCriticalSectionEx, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableCS, SleepConditionVariableSRW, InitOnceBeginInitialize, InitOnceComplete, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, GetUserDefaultUILanguage, EncodePointer, DecodePointer, CompareStringEx, LCMapStringEx, SetThreadLocale, IsBadStringPtrA, IsBadReadPtr, QueryPerformanceFrequency, QueryPerformanceCounter, GetLogicalDriveStringsW, GetDriveTypeW, FindNextFileW, CreateThread, WaitForMultipleObjects, CopyFileW, CreateEventW, SetEvent, GetCPInfo, IsValidCodePage, InitializeCriticalSectionAndSpinCount, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, InitializeSListHead, GetNativeSystemInfo, GetVersionExW, IsDebuggerPresent, GetEnvironmentVariableW, OutputDebugStringW, GetTempFileNameW, GetLongPathNameW, FindFirstFileW, FindClose, GetCurrentProcessId, GetTempPathW, GetCommandLineW, RtlUnwind, LoadLibraryExW, ExitThread, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, GetCurrentThread, Sleep, TryEnterCriticalSection, RaiseException, GetSystemTimeAsFileTime, CreateMutexW, GetThreadLocale, GetLocaleInfoW, GetACP, EnumResourceNamesW, FormatMessageW, SetErrorMode, SetCurrentDirectoryW, GlobalFree, GlobalHandle, GlobalSize, GlobalLock, GlobalUnlock, GlobalAlloc, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, LoadLibraryW, FreeLibrary, GetCurrentThreadId, ExitProcess, SetLastError, MulDiv, ReadConsoleOutputCharacterA, SetConsoleCursorPosition, InitializeSRWLock, GetConsoleScreenBufferInfo, FillConsoleOutputCharacterW, WriteConsoleW, WriteConsoleA, AttachConsole, FreeConsole, GetStdHandle, GetModuleFileNameW, WideCharToMultiByte, SetFilePointerEx, ReadFile, GetFileTime, GetFileSizeEx, LocalFree, GetTickCount, WriteFile, GetFileType, CreateFileW, GetFileAttributesW, SetFileAttributesW, GetFileAttributesExW, DeleteFileW, MoveFileExW, MultiByteToWideChar, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, QueryFullProcessImageNameW, OpenProcess, TerminateProcess, FindResourceW, SizeofResource, LockResource, LoadResource, ExpandEnvironmentStringsW, GetProcAddress, GetModuleHandleW, IsWow64Process, CreateProcessW, GetCurrentProcess, WaitForSingleObject, GetLastError, CloseHandle, FreeLibraryAndExitThread, GetTimeZoneInformation, SetStdHandle, FlushFileBuffers, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, HeapFree, HeapReAlloc, HeapAlloc, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetCommandLineA, GetProcessHeap, IsProcessorFeaturePresent, HeapSize |
| USER32.dll | CreateAcceleratorTableW, DestroyCursor, SetMenuItemInfoW, InsertMenuItemW, SetMenuInfo, RemoveMenu, ModifyMenuW, AppendMenuW, InsertMenuW, GetSubMenu, DestroyMenu, CreatePopupMenu, CreateMenu, GetMenuState, ValidateRect, PostThreadMessageW, GetMessageW, GetClassNameW, MessageBeep, GetWindowTextW, SetActiveWindow, HideCaret, GetWindowTextLengthW, DestroyAcceleratorTable, IsMenu, GetComboBoxInfo, DrawIconEx, SetRectEmpty, SetRect, DrawStateW, DestroyIcon, DrawFocusRect, DrawTextW, CreateIconIndirect, GetWindowDC, BeginPaint, EndPaint, UnionRect, GetDesktopWindow, ChildWindowFromPoint, DrawEdge, DrawFrameControl, CheckMenuItem, GetMenuItemID, CheckMenuRadioItem, RegisterClipboardFormatW, GetClipboardFormatNameW, wsprintfW, ChangeDisplaySettingsExW, EnumDisplaySettingsW, MonitorFromPoint, EnumDisplayMonitors, TranslateAcceleratorW, GetDoubleClickTime, GetCaretBlinkTime, ValidateRgn, keybd_event, IsRectEmpty, GetIconInfo, SetTimer, LoadIconW, LoadBitmapW, FindWindowExW, SetMenu, PostMessageW, RegisterWindowMessageW, GetMonitorInfoW, MonitorFromWindow, GetSysColorBrush, CopyRect, SetWindowRgn, GetDlgItem, CreateDialogParamW, SystemParametersInfoW, GetScrollInfo, SetScrollInfo, IsDialogMessageW, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetWindow, SetParent, GetParent, PtInRect, InflateRect, FillRect, GetSysColor, ChildWindowFromPointEx, WindowFromPoint, MapWindowPoints, ScreenToClient, ClientToScreen, GetCursorPos, SetCursor, SetCursorPos, GetWindowRect, GetClientRect, EnableScrollBar, ScrollWindow, RedrawWindow, InvalidateRect, IsClipboardFormatAvailable, AdjustWindowRectEx, ShowCursor, DdeInitializeW, DdeUninitialize, DdeConnect, DdeDisconnect, DdePostAdvise, DdeNameService, DdeClientTransaction, DdeCreateDataHandle, DdeGetData, DdeFreeDataHandle, DdeGetLastError, DdeCreateStringHandleW, DdeQueryStringW, DdeFreeStringHandle, GetUpdateRgn, UpdateWindow, GetMenuItemInfoW, TrackPopupMenu, GetMenuItemCount, GetSystemMetrics, IsWindowEnabled, EnableWindow, ReleaseCapture, SetCapture, GetCapture, MapVirtualKeyW, VkKeyScanW, GetAsyncKeyState, GetFocus, GetActiveWindow, SetFocus, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, AnimateWindow, IsWindow, CallWindowProcW, PostQuitMessage, MsgWaitForMultipleObjects, GetMessageTime, GetMessagePos, UnregisterHotKey, RegisterHotKey, PeekMessageW, DispatchMessageW, TranslateMessage, ReleaseDC, GetDC, SetWindowLongW, GetWindowLongW, SetWindowTextW, SetForegroundWindow, EnableMenuItem, GetSystemMenu, DrawMenuBar, GetDialogBaseUnits, CreateDialogIndirectParamW, IsZoomed, BringWindowToTop, KillTimer, LoadImageW, IsIconic, GetWindowPlacement, SetWindowPos, MoveWindow, FlashWindowEx, SetLayeredWindowAttributes, ShowWindow, DestroyWindow, CreateWindowExW, DefWindowProcW, SendMessageW, LoadCursorW, GetProcessDefaultLayout, MessageBoxW, UnregisterClassW, RegisterClassW, GetKeyState, OffsetRect |
| GDI32.dll | SetPolyFillMode, StretchBlt, StretchDIBits, SetROP2, SetStretchBltMode, GetWorldTransform, SetWorldTransform, ModifyWorldTransform, ExtTextOutW, CreatePolygonRgn, DPtoLP, LPtoDP, Polygon, Polyline, PolyBezier, SetViewportExtEx, SetWindowExtEx, SetWindowOrgEx, GetBkColor, LineTo, MoveToEx, GetTextExtentPoint32W, CombineRgn, EqualRgn, GetRgnBox, PtInRegion, RectInRegion, CreatePalette, GetNearestPaletteIndex, SetPixel, CreateRectRgnIndirect, GetCharABCWidthsW, GetTextExtentExPointW, CreateICW, CreateDIBitmap, GetDIBits, CreateDIBSection, GetDIBColorTable, SetDIBColorTable, CreateDCW, GetSystemPaletteEntries, SetViewportOrgEx, CloseEnhMetaFile, CreateEnhMetaFileW, DeleteEnhMetaFile, GetEnhMetaFileW, GetEnhMetaFileHeader, PlayEnhMetaFile, EnumFontFamiliesExW, SetAbortProc, StartDocW, EndDoc, StartPage, EndPage, GetLayout, SetLayout, SetMapMode, SetGraphicsMode, ExtSelectClipRgn, RoundRect, SelectClipRgn, Rectangle, PolyPolygon, Pie, MaskBlt, GetPixel, GetObjectType, GetClipBox, ExtFloodFill, Ellipse, Arc, ExtCreatePen, CreatePen, CreateFontIndirectW, DeleteObject, GetDeviceCaps, GetOutlineTextMetricsW, SelectObject, GetTextMetricsW, CreateRectRgn, ExcludeClipRect, RealizePalette, SetBrushOrgEx, SelectPalette, GdiFlush, ExtCreateRegion, GetRegionData, OffsetRgn, GetObjectW, BitBlt, CreateBitmap, CreateBitmapIndirect, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, SetBkColor, SetBkMode, SetTextColor, CreateSolidBrush, GetGraphicsMode, GetViewportExtEx, GetWindowExtEx, CreateHatchBrush, GetPaletteEntries, GetStockObject, CreatePatternBrush |
| COMDLG32.dll | GetOpenFileNameW, PageSetupDlgW, PrintDlgW, CommDlgExtendedError, ChooseFontW, GetSaveFileNameW |
| WINSPOOL.DRV | GetPrinterW, DocumentPropertiesW, ClosePrinter, OpenPrinterW |
| SHELL32.dll | SHGetFolderPathW, CommandLineToArgvW, SHGetFileInfoW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc, ExtractIconExW, ExtractIconW, DragAcceptFiles, DragFinish, DragQueryPoint, DragQueryFileW, SHGetKnownFolderPath, ShellExecuteExW, ShellExecuteW |
| SHLWAPI.dll | SHAutoComplete, PathMatchSpecW, AssocQueryStringW |
| COMCTL32.dll | ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_ReplaceIcon, ImageList_Copy, ImageList_GetImageInfo, ImageList_GetIconSize, ImageList_Remove, ImageList_Replace, ImageList_Draw, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc, OleInitialize, RevokeDragDrop, OleSetContainedObject, CoUninitialize, OleRun, OleLockRunning, CoLockObjectExternal, RegisterDragDrop, ReleaseStgMedium, OleSetClipboard, OleGetClipboard, OleFlushClipboard, OleIsCurrentClipboard, OleUninitialize |
| OLEAUT32.dll | SysFreeString, SafeArrayCreate, SafeArrayDestroy, SafeArrayPtrOfIndex, VariantInit, SysStringLen, VariantClear, SafeArrayUnlock, SafeArrayLock, VarBstrFromCy, SafeArrayGetVartype, VariantTimeToSystemTime, SystemTimeToVariantTime, SysAllocString |
| RPCRT4.dll | UuidToStringW, RpcStringFreeW |
| ADVAPI32.dll | GetUserNameW, RegEnumValueW, RegEnumKeyW, RegDeleteKeyW, GetSecurityInfo, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyExW, RegCreateKeyExW, RegCloseKey, FreeSid, CheckTokenMembership, AllocateAndInitializeSid |
| VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
| OLEACC.dll | LresultFromObject |
| UxTheme.dll | GetThemeMargins, GetCurrentThemeName, GetThemeBackgroundExtent, IsThemePartDefined, SetWindowTheme, GetThemeSysFont, GetThemeSysColor, GetThemeInt, GetThemePartSize, GetThemeFont, IsAppThemed, IsThemeActive, CloseThemeData, DrawThemeParentBackground, GetThemeColor, IsThemeBackgroundPartiallyTransparent, GetThemeBackgroundContentRect, DrawThemeBackground, OpenThemeData |
| MSIMG32.dll | AlphaBlend, GradientFill |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

                                                                                                                                                                                                          Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                          Start time:06:39:37
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe"
                                                                                                                                                                                                          Imagebase:0xc0000
                                                                                                                                                                                                          File size:7'758'000 bytes
                                                                                                                                                                                                          MD5 hash:AC5FFC6E945471CE5E631F5FA8853D5A
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                          Start time:06:40:06
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
                                                                                                                                                                                                          Imagebase:0xdd0000
                                                                                                                                                                                                          File size:13'853'648 bytes
                                                                                                                                                                                                          MD5 hash:9882A328C8414274555845FA6B542D1E
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                          Start time:06:40:06
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\{5255BE0D-01E1-4CED-A28E-E2F29C1CB462}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=632 /quiet /norestart
                                                                                                                                                                                                          Imagebase:0x370000
                                                                                                                                                                                                          File size:650'080 bytes
                                                                                                                                                                                                          MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                          Start time:06:40:07
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\{4BCC00FA-1573-42FF-90BD-8BEE0198C5B4}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{806F96A1-857F-4718-91A2-BB73ECC6E3F3} {8975F7C5-2319-4A19-A97F-ED725B823907} 7752
                                                                                                                                                                                                          Imagebase:0x120000
                                                                                                                                                                                                          File size:650'080 bytes
                                                                                                                                                                                                          MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                          Start time:06:40:08
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                          Imagebase:0x7ff6414c0000
                                                                                                                                                                                                          File size:69'632 bytes
                                                                                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                          Start time:06:40:18
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce
                                                                                                                                                                                                          Imagebase:0x2e0000
                                                                                                                                                                                                          File size:650'080 bytes
                                                                                                                                                                                                          MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                          Start time:06:40:18
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe"
                                                                                                                                                                                                          Imagebase:0x2e0000
                                                                                                                                                                                                          File size:650'080 bytes
                                                                                                                                                                                                          MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                          Start time:06:40:18
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560
                                                                                                                                                                                                          Imagebase:0x2e0000
                                                                                                                                                                                                          File size:650'080 bytes
                                                                                                                                                                                                          MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                          Start time:06:40:35
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\DriverHub\DriverHub.exe"
                                                                                                                                                                                                          Imagebase:0xef0000
                                                                                                                                                                                                          File size:7'722'672 bytes
                                                                                                                                                                                                          MD5 hash:9E73D5B139958CD42A7067CBC44810B7
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
• Detection: 4%, Virustotal
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                          Start time:06:40:36
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
                                                                                                                                                                                                          Imagebase:0x120000
                                                                                                                                                                                                          File size:31'224 bytes
                                                                                                                                                                                                          MD5 hash:03BA6C3A52780D89BE563B7CD5668AD0
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                          Start time:06:40:45
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0
                                                                                                                                                                                                          Imagebase:0xa80000
                                                                                                                                                                                                          File size:3'277'888 bytes
                                                                                                                                                                                                          MD5 hash:CA696FF5944B0B4DC2786161F636E5D3
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                          Start time:06:40:47
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --silent --allusers=0 --server-tracking-blob=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
                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                          File size:6'731'168 bytes
                                                                                                                                                                                                          MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                          Start time:06:40:47
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x33c,0x340,0x344,0x318,0x270,0x61f11b54,0x61f11b60,0x61f11b6c
                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                          File size:6'731'168 bytes
                                                                                                                                                                                                          MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                          Start time:06:40:48
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS
                                                                                                                                                                                                          Imagebase:0x6c0000
                                                                                                                                                                                                          File size:249'584 bytes
                                                                                                                                                                                                          MD5 hash:D17C53DAA4B02748963E7902370840B7
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                          Start time:06:40:48
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                                                                                                                                                                          Imagebase:0x420000
                                                                                                                                                                                                          File size:6'731'168 bytes
                                                                                                                                                                                                          MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                                          Start time:06:40:48
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome
                                                                                                                                                                                                          Imagebase:0x7ff7b0260000
                                                                                                                                                                                                          File size:2'509'656 bytes
                                                                                                                                                                                                          MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                                          Start time:06:40:49
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,15605554830572178620,16010966864040095375,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:8
                                                                                                                                                                                                          Imagebase:0x7ff7b0260000
                                                                                                                                                                                                          File size:2'509'656 bytes
                                                                                                                                                                                                          MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                          Start time:06:40:50
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3400 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814064049" --session-guid=c06817d1-070c-4c26-b314-8753fc88a392 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=EC05000000000000
                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                          File size:6'731'168 bytes
                                                                                                                                                                                                          MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                          Start time:06:40:50
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\7zS8343C58E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x6ceb1b54,0x6ceb1b60,0x6ceb1b6c
                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                          File size:6'731'168 bytes
                                                                                                                                                                                                          MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:27
                                                                                                                                                                                                          Start time:06:40:53
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.7cdf66164185824f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US
                                                                                                                                                                                                          Imagebase:0x7ff6a22d0000
                                                                                                                                                                                                          File size:9'931'880 bytes
                                                                                                                                                                                                          MD5 hash:C2626794E09A2197C5AC2FECC2F611A2
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                                          Start time:06:40:58
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.5463fcd871ea2a5b\Instup.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.5463fcd871ea2a5b\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US
                                                                                                                                                                                                          Imagebase:0x7ff79f300000
                                                                                                                                                                                                          File size:3'815'368 bytes
                                                                                                                                                                                                          MD5 hash:7342A3F59C64B20E80DE29EB49D99389
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                                          Start time:06:41:20
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:1'499'104 bytes
                                                                                                                                                                                                          MD5 hash:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                          Start time:06:41:22
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --version
                                                                                                                                                                                                          Imagebase:0x340000
                                                                                                                                                                                                          File size:1'853'592 bytes
                                                                                                                                                                                                          MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                                          Start time:06:41:22
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140640491\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x4f4f48,0x4f4f58,0x4f4f64
                                                                                                                                                                                                          Imagebase:0x340000
                                                                                                                                                                                                          File size:1'853'592 bytes
                                                                                                                                                                                                          MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                          Start time:06:41:23
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.5463fcd871ea2a5b /edition:1 /prod:ais /stub_context:cfb210bd-23ad-423c-80bd-676eb3326a84:9931880 /guid:8f1b790c-0b6c-49f6-af59-eb5edbbdc516 /ga_clientid:b948cafa-c931-4096-ad8a-39fd88115699 /silent /WS /cookie:mmm_mrk_ppi_004_408_v /edat_dir:C:\Windows\Temp\asw.7cdf66164185824f /geo:US /online_installer
                                                                                                                                                                                                          Imagebase:0x7ff6a1420000
                                                                                                                                                                                                          File size:3'815'368 bytes
                                                                                                                                                                                                          MD5 hash:7342A3F59C64B20E80DE29EB49D99389
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                                          Start time:06:41:31
                                                                                                                                                                                                          Start date:14/08/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.5463fcd871ea2a5b\New_180717ec\sbr.exe" 5872 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
                                                                                                                                                                                                          Imagebase:0x7ff6226c0000
                                                                                                                                                                                                          File size:20'376 bytes
                                                                                                                                                                                                          MD5 hash:6BE2F1A6317D2FE0EBBFD712BEAA2F63
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            [Control-flow graph figure; entry block dd3bc3-dd3c50; legend: Executed / Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00DD3C3F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3C52
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 00DD3C9D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3CA7
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 00DD3CF5
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3CFF
                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 00DD3D52
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3D63
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 00DD3E3D
                                                                                                                                                                                                            • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 00DD3E51
                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 00DD3E78
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 00DD3E9B
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00DD3EB4
                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 00DD3EC4
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3ED9
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3F08
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3F2A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3F4C
                                                                                                                                                                                                            • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00DD3F63
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3F6D
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00DD3F93
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3FAE
                                                                                                                                                                                                            • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 00DD3FE4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                                                                            • String ID: *.*$DEL$dirutil.cpp
                                                                                                                                                                                                            • API String ID: 1544372074-1252831301
                                                                                                                                                                                                            • Opcode ID: 6451aa2645a6116acdb1c498bc13bf9a7c6951d4f86bdb02740937f4d8e7d6fb
                                                                                                                                                                                                            • Instruction ID: bbbb2bacc73b95ec9a97076531f2f3b366c759dd3797ee014b7c274450534ef2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6451aa2645a6116acdb1c498bc13bf9a7c6951d4f86bdb02740937f4d8e7d6fb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DB1B972E01239AAEB305B758C44BE6B6B9EF44710F0542A6FD09F7290D7718E84CBB1

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00DD510F
                                                                                                                                                                                                              • Part of subcall function 00E103F0: InitializeCriticalSection.KERNEL32(00E3B60C,?,00DD511B,00000000,?,?,?,?,?,?), ref: 00E10407
                                                                                                                                                                                                              • Part of subcall function 00DD1209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00DD5137,00000000,?), ref: 00DD1247
                                                                                                                                                                                                              • Part of subcall function 00DD1209: GetLastError.KERNEL32(?,?,?,00DD5137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00DD1251
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00DD517D
                                                                                                                                                                                                              • Part of subcall function 00E10CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00E10CF2
                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00DD520F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00DD5219
                                                                                                                                                                                                            • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DD549B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                                                                                                                            • String ID: 3.10.4.4718$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
                                                                                                                                                                                                            • API String ID: 3262001429-867073019
                                                                                                                                                                                                            • Opcode ID: 2b91a65a447f13cf1059b21a0a98fe59020630393a0a5c5f0d09d5a1204dce4f
                                                                                                                                                                                                            • Instruction ID: f2693d3fbcd5cf2a977f74c4269468cf6f5665a49f68dc7752f2edcd39ccaf7d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b91a65a447f13cf1059b21a0a98fe59020630393a0a5c5f0d09d5a1204dce4f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CBB1B472D40B29ABDB32AF64DC46BED76A8AF44341F040196F909B6345DB719EC08FB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00E134DF,00000000,?,00000000), ref: 00E12F3D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00DFBDED,?,00DD52FD,?,00000000,?), ref: 00E12F49
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00E12F89
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E12F95
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 00E12FA0
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E12FAA
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00E3B6C8,00000000,00000001,00E1B808,?,?,?,?,?,?,?,?,?,?,?,00DFBDED), ref: 00E12FE5
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00E13094
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                                                            • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 2124981135-499589564
                                                                                                                                                                                                            • Opcode ID: 0b3f3652702acc51715e700e3cf0392701b2bae9d584164c24a0299d2e988f5c
                                                                                                                                                                                                            • Instruction ID: 2df726a4401230d80f6836c015b4951a6d91ee4256ffb4398b84990c5d193618
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b3f3652702acc51715e700e3cf0392701b2bae9d584164c24a0299d2e988f5c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8419F31A00315ABDB249FB88C49BEEBBE4EF48714F115069EA06F7251D771DE80CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD33D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00DD10DD,?,00000000), ref: 00DD33F8
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 00DD10F6
                                                                                                                                                                                                              • Part of subcall function 00DD1174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD1185
                                                                                                                                                                                                              • Part of subcall function 00DD1174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD1190
                                                                                                                                                                                                              • Part of subcall function 00DD1174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DD119E
                                                                                                                                                                                                              • Part of subcall function 00DD1174: GetLastError.KERNEL32(?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD11B9
                                                                                                                                                                                                              • Part of subcall function 00DD1174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00DD11C1
                                                                                                                                                                                                              • Part of subcall function 00DD1174: GetLastError.KERNEL32(?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD11D6
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,00E1B4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 00DD1131
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorFileLastModuleProc$ChangeCloseCreateFindHandleHeapInformationNameNotification
                                                                                                                                                                                                            • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                                                                                                                            • API String ID: 2670336470-3151496603
                                                                                                                                                                                                            • Opcode ID: c7a6fe4f5140d804b47dac2d54a4082d085034148edb5bb1cf335df5def8fbef
                                                                                                                                                                                                            • Instruction ID: de4ebbaddb1607c44d088519efaa8d771e5c5995f5456135e7970acc380f3c68
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7a6fe4f5140d804b47dac2d54a4082d085034148edb5bb1cf335df5def8fbef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D21717190021CABDB109FA5DC46BEEBBB9EF48310F508119FA20B7291E7709948CBB0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed create working folder., xrefs: 00DE9EEA
                                                                                                                                                                                                            • Failed to copy working folder., xrefs: 00DE9F12
                                                                                                                                                                                                            • Failed to calculate working folder to ensure it exists., xrefs: 00DE9ED4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                                                                                                                            • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                                                                            • API String ID: 3841436932-2072961686
                                                                                                                                                                                                            • Opcode ID: 3aeeab648f62500cd42e8f8b7a0e427a06f0f6ecedde5a577401a80d53854997
                                                                                                                                                                                                            • Instruction ID: cfb2c2ec17562be9b5dd4732211c54f4a4b64a67cf28e01eec8c90f3f722c6ec
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3aeeab648f62500cd42e8f8b7a0e427a06f0f6ecedde5a577401a80d53854997
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07018832D066A8F78B227A57DC15CAFBA78DF80B207104256F904B6216DB719E50A6F0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,?,00E047E8,00000000,00E37CF8,0000000C,00E0493F,00000000,00000002,00000000), ref: 00E04833
                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00E047E8,00000000,00E37CF8,0000000C,00E0493F,00000000,00000002,00000000), ref: 00E0483A
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00E0484C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                            • Opcode ID: 2a05f9b299ae98cd12a8b4d789f606138ec7e86d2c0db20702aa256d4f2ed448
                                                                                                                                                                                                            • Instruction ID: cd50a7942b4f67e2d6ea70850ec17affd2f572a0855b12088652fd507cbd0b90
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a05f9b299ae98cd12a8b4d789f606138ec7e86d2c0db20702aa256d4f2ed448
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07E04F7100014CAFCF016F11DE09A993F69FB45341F058414FA046B1B1CB35DC85DA90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1357844191-0
                                                                                                                                                                                                            • Opcode ID: f768d0277cc1be328011b899cf8db60c8fe1ee90aae0c4df9924102f12fa142c
                                                                                                                                                                                                            • Instruction ID: 61032bda01c53898433561050d449a39b656156dd57e2b59ed4f65b1e9973543
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f768d0277cc1be328011b899cf8db60c8fe1ee90aae0c4df9924102f12fa142c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33C012722E0208BBCB006FF9EC0EC9A3BACAB28602700C400B905D6110CB3CE0188B60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00DDDF4A
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00DDE62A
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                                                                            • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$always$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
                                                                                                                                                                                                            • API String ID: 336948655-2612374807
                                                                                                                                                                                                            • Opcode ID: f95623a64228ce26150016fd686bdbc73687376209e9e48968b948a30b7df2c6
                                                                                                                                                                                                            • Instruction ID: 5e1c3f037f28ffe03319f49d900f0fe97e449f34545a0a7d1209555ed9df7de3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f95623a64228ce26150016fd686bdbc73687376209e9e48968b948a30b7df2c6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86329131A40325ABCB11AB64DC41FAEBBB5AF04724F154266F915BB3D1D770EE40DBA0

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                                                                                                                            • API String ID: 0-2956246334
                                                                                                                                                                                                            • Opcode ID: c7f43b475aa7be46dae91f3dd09e68c662aadb39bb43eec869c02a16bd4e7839
                                                                                                                                                                                                            • Instruction ID: 1e9c7f4bc898bc65d7a4c9085f5a05b4f56d0eb23173b1929e6adeb828d92fa6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7f43b475aa7be46dae91f3dd09e68c662aadb39bb43eec869c02a16bd4e7839
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3FE1F632E81775BBCB21A7A0DC42EFD7AA5AB10710F1512B7FD12B7391C760AE5097A0

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            [Control-flow graph 392, entry block ddb389-ddb3fd; legend: Executed / Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,7745C310,00000000), ref: 00DDB3FF
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB44C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,7745C310,00000000), ref: 00DDB452
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00DD435C,00000040,?,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB49A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,7745C310,00000000), ref: 00DDB4A0
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB4FD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB503
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB54C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB552
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB5C3
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB5C9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$File$Pointer$Read
                                                                                                                                                                                                            • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp
                                                                                                                                                                                                            • API String ID: 2600052162-695169583
                                                                                                                                                                                                            • Opcode ID: cf04652500c3cbe30a49063709e922715075d62235074a39a14a7ec06a9a8492
                                                                                                                                                                                                            • Instruction ID: 533f7c546374ccfad3891f436002d2ff8feec8bdb7fb6384723e86bbdb412366
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf04652500c3cbe30a49063709e922715075d62235074a39a14a7ec06a9a8492
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A129E71A40725FBEB209A25DC45FEA76A8EF04714F024167BD09FB380D7708E858BB2

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            [Control-flow graph 533, entry block df0a77-df0a90; legend: Executed / Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,00DF0621,?,?), ref: 00DF0A85
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00DF0621,?,?), ref: 00DF0A92
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,00DF0621,?,?), ref: 00DF0ACE
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,00DF0621,?,?), ref: 00DF0AD8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$EventObjectSingleWait
                                                                                                                                                                                                            • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3600396749-2104912459
                                                                                                                                                                                                            • Opcode ID: 432bbe5f3a6190703e62e26cc5dee58b4a5783d932c6cc02a826a0d1264c8188
                                                                                                                                                                                                            • Instruction ID: 15dc16bb860067d083900ee729789d644541ca6fa3a44384b4228f088edf55f0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 432bbe5f3a6190703e62e26cc5dee58b4a5783d932c6cc02a826a0d1264c8188
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A291D372B40725BFE7205A7A9D49BA73AD4EF08750F028225FE06FB5A1D761DC0086F5

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            [Control-flow graph 821, entry block dd4c33-dd4c7b; legend: Executed / Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD33D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00DD10DD,?,00000000), ref: 00DD33F8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00DD4E3A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00DD4E49
                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00DD4E58
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00DD4E63
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to append original command line., xrefs: 00DD4D63
                                                                                                                                                                                                            • Failed to launch clean room process: %ls, xrefs: 00DD4DF1
                                                                                                                                                                                                            • "%ls" %ls, xrefs: 00DD4D74
                                                                                                                                                                                                            • burn.clean.room, xrefs: 00DD4CD8
                                                                                                                                                                                                            • Failed to allocate full command-line., xrefs: 00DD4D88
                                                                                                                                                                                                            • -%ls="%ls", xrefs: 00DD4CE0
                                                                                                                                                                                                            • %ls %ls, xrefs: 00DD4D4F
                                                                                                                                                                                                            • burn.filehandle.self, xrefs: 00DD4D3F
                                                                                                                                                                                                            • D, xrefs: 00DD4DA3
                                                                                                                                                                                                            • Failed to get path for current process., xrefs: 00DD4C7D
                                                                                                                                                                                                            • Failed to cache to clean room., xrefs: 00DD4CBC
                                                                                                                                                                                                            • burn.filehandle.attached, xrefs: 00DD4D11
                                                                                                                                                                                                            • Failed to wait for clean room process: %ls, xrefs: 00DD4E1D
                                                                                                                                                                                                            • Failed to allocate parameters for unelevated process., xrefs: 00DD4CF4
                                                                                                                                                                                                            • Failed to append %ls, xrefs: 00DD4D16
                                                                                                                                                                                                            • engine.cpp, xrefs: 00DD4DE4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle$FileModuleName
                                                                                                                                                                                                            • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$engine.cpp

                                                                                                                                                                                                            Control-flow Graph: function at 00DE7337 (legend: Executed / Not Executed)
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WixBundleSourceProcessPath, xrefs: 00DE74E6
                                                                                                                                                                                                            • Failed to open manifest stream., xrefs: 00DE73B8
                                                                                                                                                                                                            • Failed to get manifest stream from container., xrefs: 00DE73D9
                                                                                                                                                                                                            • WixBundleSourceProcessFolder, xrefs: 00DE7522
                                                                                                                                                                                                            • WixBundleOriginalSource, xrefs: 00DE7547
                                                                                                                                                                                                            • Failed to get source process folder from path., xrefs: 00DE7513
                                                                                                                                                                                                            • Failed to overwrite the %ls built-in variable., xrefs: 00DE74C9
                                                                                                                                                                                                            • Failed to set source process path variable., xrefs: 00DE74F7
                                                                                                                                                                                                            • Failed to get unique temporary folder for bootstrapper application., xrefs: 00DE75BC
                                                                                                                                                                                                            • Failed to extract bootstrapper application payloads., xrefs: 00DE75DD
                                                                                                                                                                                                            • Failed to parse command line., xrefs: 00DE7474
                                                                                                                                                                                                            • Failed to set source process folder variable., xrefs: 00DE7533
                                                                                                                                                                                                            • Failed to open attached UX container., xrefs: 00DE739B
                                                                                                                                                                                                            • WixBundleElevated, xrefs: 00DE74B3, 00DE74C4
                                                                                                                                                                                                            • Failed to set original source variable., xrefs: 00DE7558
                                                                                                                                                                                                            • Failed to initialize variables., xrefs: 00DE737E
                                                                                                                                                                                                            • Failed to load catalog files., xrefs: 00DE75FD
                                                                                                                                                                                                            • Failed to initialize internal cache functionality., xrefs: 00DE758D
                                                                                                                                                                                                            • Failed to load manifest., xrefs: 00DE73F5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                                                            • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath

                                                                                                                                                                                                            Control-flow Graph: function at 00DE84C4 (legend: Executed / Not Executed)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00DD4CB6,?,?,00000000,00DD4CB6,00000000), ref: 00DE8507
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE8514
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,00E1B4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DE86F6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create engine file at path: %ls, xrefs: 00DE8545
                                                                                                                                                                                                            • Failed to zero out original data offset., xrefs: 00DE86E8
                                                                                                                                                                                                            • Failed to seek to signature table in exe header., xrefs: 00DE8660
                                                                                                                                                                                                            • Failed to copy engine from: %ls to: %ls, xrefs: 00DE859C
                                                                                                                                                                                                            • Failed to seek to beginning of engine file: %ls, xrefs: 00DE856D
                                                                                                                                                                                                            • msi.dll, xrefs: 00DE8608
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE8538, 00DE85EF, 00DE8656, 00DE86C5
                                                                                                                                                                                                            • Failed to update signature offset., xrefs: 00DE8615
                                                                                                                                                                                                            • cabinet.dll, xrefs: 00DE866F
                                                                                                                                                                                                            • Failed to seek to original data in exe burn section header., xrefs: 00DE86CF
                                                                                                                                                                                                            • Failed to seek to checksum in exe header., xrefs: 00DE85F9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ChangeCloseCreateErrorFileFindLastNotification
                                                                                                                                                                                                            • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll

                                                                                                                                                                                                            Control-flow Graph: function at 00DD7503 (legend: Executed / Not Executed)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(00DE7378,00DD52B5,00000000,00DD533D), ref: 00DD7523
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                                                            • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleVersion
                                                                                                                                                                                                            • API String ID: 32694325-826827252

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00DD5381), ref: 00DE8104
                                                                                                                                                                                                              • Part of subcall function 00E1076C: OpenProcessToken.ADVAPI32(?,00000008,?,00DD52B5,00000000,?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E1078A
                                                                                                                                                                                                              • Part of subcall function 00E1076C: GetLastError.KERNEL32(?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E10794
                                                                                                                                                                                                              • Part of subcall function 00E1076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E1081D
                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 00DE812A
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE8134
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 00DE81B1
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE81BB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create working folder guid., xrefs: 00DE8207
                                                                                                                                                                                                            • %ls%ls\, xrefs: 00DE824C
                                                                                                                                                                                                            • Failed to get temp path for working folder., xrefs: 00DE81E9
                                                                                                                                                                                                            • Failed to ensure windows path for working folder ended in backslash., xrefs: 00DE817F
                                                                                                                                                                                                            • Failed to append bundle id on to temp path for working folder., xrefs: 00DE8264
                                                                                                                                                                                                            • Failed to copy working folder path., xrefs: 00DE827F
                                                                                                                                                                                                            • Failed to get windows path for working folder., xrefs: 00DE8162
                                                                                                                                                                                                            • Failed to convert working folder guid into string., xrefs: 00DE823A
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE8158, 00DE81DF, 00DE8230
                                                                                                                                                                                                            • Temp\, xrefs: 00DE8189
                                                                                                                                                                                                            • Failed to concat Temp directory on windows path for working folder., xrefs: 00DE81A1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
                                                                                                                                                                                                            • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                                                                                                                            • API String ID: 58964441-819636856

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 00DF0E65
                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00DF10D9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                                                                                                            • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3442037557-1168358783

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD41FE
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(000000D0,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD4207
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD424D
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD4257
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD426B
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD427B
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD42CB
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD42D5
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD42E9
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00DD515E,?,?,00000000,?,?), ref: 00DD42F9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                                                                            • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                                                                            • API String ID: 3039292287-3209860532
                                                                                                                                                                                                            • Opcode ID: 4c2a56675d78d89fa9a6732c85d350cbab8e2aa9003eabd037761b10cdb9b5f1
                                                                                                                                                                                                            • Instruction ID: 7da38ca756f8bd8fe24ece770f0496842669d0a442e4674a97cb5ca412815a21
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c2a56675d78d89fa9a6732c85d350cbab8e2aa9003eabd037761b10cdb9b5f1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A551A371A40315BFC724AF69DC86FEAB76CEB04760F14411AF619E7290DB70A990CBB4

Control-flow Graph

control_flow_graph 1313 ddc129-ddc15b 1314 ddc15d-ddc17b CreateFileW 1313->1314 1315 ddc1c5-ddc1e1 GetCurrentProcess * 2 DuplicateHandle 1313->1315 1316 ddc21d-ddc223 1314->1316 1317 ddc181-ddc1b2 GetLastError call dd37d3 1314->1317 1318 ddc21b 1315->1318 1319 ddc1e3-ddc219 GetLastError call dd37d3 1315->1319 1320 ddc22d 1316->1320 1321 ddc225-ddc22b 1316->1321 1327 ddc1b7-ddc1c0 call e1012f 1317->1327 1318->1316 1319->1327 1324 ddc22f-ddc23d SetFilePointerEx 1320->1324 1321->1324 1328 ddc23f-ddc272 GetLastError call dd37d3 1324->1328 1329 ddc274-ddc27a 1324->1329 1332 ddc298-ddc29e 1327->1332 1337 ddc290-ddc297 call e1012f 1328->1337 1331 ddc27c-ddc280 call df1484 1329->1331 1329->1332 1338 ddc285-ddc289 1331->1338 1337->1332 1338->1332 1339 ddc28b 1338->1339 1339->1337
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,00DDC319,00DD52FD,?,?,00DD533D), ref: 00DDC170
• GetLastError.KERNEL32(?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DDC181
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?), ref: 00DDC1D0
• GetCurrentProcess.KERNEL32(000000FF,00000000,?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DDC1D6
• DuplicateHandle.KERNELBASE(00000000,?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DDC1D9
• GetLastError.KERNEL32(?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DDC1E3
• SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DDC235
• GetLastError.KERNEL32(?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DDC23F
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
• String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
• API String ID: 2619879409-373955632
• Opcode ID: 6a069e26b1d775ad692d42b9aba1565bee68898ab0836b60e4c706edeaf04b18
• Instruction ID: 63ecc9079c6f2e5f0f7a35145afe2e512fc0ff9d812462e3d75fbb887fe58741
• Opcode Fuzzy Hash: 6a069e26b1d775ad692d42b9aba1565bee68898ab0836b60e4c706edeaf04b18
• Instruction Fuzzy Hash: 1541A172240301AFEB109E6A9C45F977BE9EB85760F15812AF918EB291DA31C841CBB4

Control-flow Graph

control_flow_graph 1342 e129b3-e129d3 call dd37ea 1345 e12af2-e12af6 1342->1345 1346 e129d9-e129e7 call e14932 1342->1346 1347 e12b00-e12b06 1345->1347 1348 e12af8-e12afb call e154ef 1345->1348 1351 e129ec-e12af1 GetProcAddress * 7 1346->1351 1348->1347 1351->1345
APIs
  • Part of subcall function 00DD37EA: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00DD3829
  • Part of subcall function 00DD37EA: GetLastError.KERNEL32 ref: 00DD3833
  • Part of subcall function 00E14932: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00E1495A
• GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00E129FD
• GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00E12A20
• GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00E12A43
• GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00E12A66
• GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00E12A89
• GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00E12AAC
• GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00E12ACF
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: AddressProc$ErrorLast$DirectorySystem
• String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
• API String ID: 2510051996-1735120554
• Opcode ID: effaa3683c89162cf58350ee9953b47f54d458513822f2bf23d15d53e8c6300b
• Instruction ID: e9bd06680c3657cac532a8e989fb2a681bdd11e2ebea3c0268f66846d0caf9c7
• Opcode Fuzzy Hash: effaa3683c89162cf58350ee9953b47f54d458513822f2bf23d15d53e8c6300b
• Instruction Fuzzy Hash: 5C31EAB0A4170CAFDB18DF26EC5BA693FB5FB84700B40552EE607F2262D7719818DB00
APIs
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,00DDC285,?,00000000,?,00DDC319), ref: 00DF14BB
• GetLastError.KERNEL32(?,00DDC285,?,00000000,?,00DDC319,00DD52FD,?,?,00DD533D,00DD533D,00000000,?,00000000), ref: 00DF14C4
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: CreateErrorEventLast
• String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
• API String ID: 545576003-938279966
• Opcode ID: 342de7852d3eb7140c26731be23e826bd8629d971e2412570fef0079f2453afd
• Instruction ID: 3b7cbefd37ac35db118e51b99ee51560ed1d4bfa64b9c1f332119959051d4d6c
• Opcode Fuzzy Hash: 342de7852d3eb7140c26731be23e826bd8629d971e2412570fef0079f2453afd
• Instruction Fuzzy Hash: B621E8B6A40739BBF32056796C41FB765FCEB44790F028122BD05F7280D654DD0086F6
APIs
• GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 00E0FBD5
• GetProcAddress.KERNEL32(SystemFunction041), ref: 00E0FBE7
• GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 00E0FC2A
• GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00E0FC3E
• GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 00E0FC76
• GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00E0FC8A
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: AddressProc$ErrorLast
• String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
• API String ID: 4214558900-3191127217
• Opcode ID: 0d0bc4018090d2a5bd632b4de7dd7300201f87256f152297c4425577670d7128
• Instruction ID: e460a762e07ddce6b99281dc9e303d05f85a99c2c93b44dc3bf2b8c03087740a
• Opcode Fuzzy Hash: 0d0bc4018090d2a5bd632b4de7dd7300201f87256f152297c4425577670d7128
• Instruction Fuzzy Hash: 5621B331A4172AFFE7316B37AD4DB52BD92AF80744F025131ED02F65A0E7608C58CAA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00DF0657
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 00DF066F
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00DF0674
                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00DF0677
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00DF0681
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 00DF06F0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00DF06FD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • <the>.cab, xrefs: 00DF0650
                                                                                                                                                                                                            • Failed to duplicate handle to cab container., xrefs: 00DF06AF
                                                                                                                                                                                                            • Failed to open cabinet file: %hs, xrefs: 00DF072E
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF06A5, 00DF0721
                                                                                                                                                                                                            • Failed to add virtual file pointer for cab container., xrefs: 00DF06D6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                                                            • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3030546534-3446344238
                                                                                                                                                                                                            • Opcode ID: 88785c728d4d8cd1837a15f2f2c239fa71992a6e4d91ce4a888b3a518a0f1042
                                                                                                                                                                                                            • Instruction ID: c1684b9f84b4230a180aa5299c0d150e5672375699919e6a71b3932301cbe20a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88785c728d4d8cd1837a15f2f2c239fa71992a6e4d91ce4a888b3a518a0f1042
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A431E172A01739BFEB206B669C48EAB7EACEF08760F124125FD08F7150C7209D50CAE5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,00DD4D0B,?,?), ref: 00DE6879
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?,00DD4D0B,?,?), ref: 00DE687F
                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,?,00DD4D0B,?,?), ref: 00DE6882
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DD4D0B,?,?), ref: 00DE688C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,?,00DD4D0B,?,?), ref: 00DE6905
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • burn.filehandle.attached, xrefs: 00DE68D2
                                                                                                                                                                                                            • core.cpp, xrefs: 00DE68B0
                                                                                                                                                                                                            • Failed to append the file handle to the command line., xrefs: 00DE68ED
                                                                                                                                                                                                            • Failed to duplicate file handle for attached container., xrefs: 00DE68BA
                                                                                                                                                                                                            • %ls -%ls=%u, xrefs: 00DE68D9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                                                                                                                                                            • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
                                                                                                                                                                                                            • API String ID: 4224961946-4196573879
                                                                                                                                                                                                            • Opcode ID: c99a39bfa05b9d5b69992873174489a634948a57b84ee32ebb207e5e7b384400
                                                                                                                                                                                                            • Instruction ID: 7be4b6cd3b0c7adc1ad440c6eba745cdc84a3bf9346ffd89c4c89a0ce9785ad0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c99a39bfa05b9d5b69992873174489a634948a57b84ee32ebb207e5e7b384400
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7119A32A41725FBDB10ABB59D45A9A77A8EF14770F114226F910F71D0D7718D0196A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E198A2
                                                                                                                                                                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000000), ref: 00E1992E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E1993A
                                                                                                                                                                                                            • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 00E1997A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                                                                                                                                                            • String ID: $
                                                                                                                                                                                                            • API String ID: 948315288-3993045852
                                                                                                                                                                                                            • Opcode ID: 6813d683dd8e2abcb0426a41143bcecb8fbe94f572b231e0d40259fe28711c77
                                                                                                                                                                                                            • Instruction ID: 33198c2baacb507b45b051144cfcb8b97ddcc63265b2327c97ad0c974c81235a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6813d683dd8e2abcb0426a41143bcecb8fbe94f572b231e0d40259fe28711c77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0818F75900219AFDB11CF96D894AEEBBB5FF88354F15802AE811BB311DB70DD45CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 00DE694B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00DE69BB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateFileHandle
                                                                                                                                                                                                            • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                                                                                                                                                                            • API String ID: 3498533004-3263533295
                                                                                                                                                                                                            • Opcode ID: 607a4b9af2d70007eb066ea686282bbf1c3014a96ba64199177abeb81d5770d5
                                                                                                                                                                                                            • Instruction ID: cd9f784ef10284641a818e802cd4fe711d9a8b943f747ff44ef0ae45152defa8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 607a4b9af2d70007eb066ea686282bbf1c3014a96ba64199177abeb81d5770d5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27110B32600750BBC7246A699C05F9B7798DB55B70F054360FD14BB2D2D770D8104AB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(?,00000008,?,00DD52B5,00000000,?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E1078A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E10794
                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E107C6
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,00DE74AB,00000000), ref: 00E1081D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                                                                                                                                                            • String ID: procutil.cpp
                                                                                                                                                                                                            • API String ID: 2387526074-1178289305
                                                                                                                                                                                                            • Opcode ID: 50e6f01d02cfb29c4cd75e2e11331a1cf2aca54904de464674df09970cb2e4bf
                                                                                                                                                                                                            • Instruction ID: 3906e43faede724a82dafe55cc9fb25c674b9e9395bf1d3f4b55d23915a231e9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50e6f01d02cfb29c4cd75e2e11331a1cf2aca54904de464674df09970cb2e4bf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9216272D40228EFDB109F999C44ADEBBA8EF54750F118166AD15F7150D7704E84DAE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00E1344A
                                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(00E3B6D8), ref: 00E13467
                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,00E3B6C8,?,?,?,?,?,?), ref: 00E13482
                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(MSXML.DOMDocument,00E3B6C8,?,?,?,?,?,?), ref: 00E1348E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                                                            • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                                                            • API String ID: 2109125048-2356320334
                                                                                                                                                                                                            • Opcode ID: 7422c0c535dc9321a97725cdec22e2cdc13b91c7ab44ea28e35915e85a9ebb69
                                                                                                                                                                                                            • Instruction ID: ab31edd19d99e16bfb380790b8ffd776ad3ea12dee87bcd0be6a2013e3b7ed2c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7422c0c535dc9321a97725cdec22e2cdc13b91c7ab44ea28e35915e85a9ebb69
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7F0A0307403356AC7228BB6AD0EB972E65AB84B69F107429EA62F11A4D3608985C7B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00E1495A
                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00E14989
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 00E149B3
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00E1B790,?,?,?,00000000,00000000,00000000), ref: 00E149F4
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00E14A28
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 1145190524-2967768451
                                                                                                                                                                                                            • Opcode ID: 2cf7421aba49d68cc46d01799bf2a1899d41c26c46df46bb903ce04f1a95498a
                                                                                                                                                                                                            • Instruction ID: fa95a75fa44600473c01b4a5240ab2a9815ee7de4f7052206397d54aeecd0ff6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2cf7421aba49d68cc46d01799bf2a1899d41c26c46df46bb903ce04f1a95498a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1121C5B5A4032AABD7119BA58C45EEFBBA8EF84364F018126FD05F7350E7308D80D6B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 00DF088A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 00DF0894
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Invalid seek type., xrefs: 00DF0820
                                                                                                                                                                                                            • Failed to move file pointer 0x%x bytes., xrefs: 00DF08C5
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF08B8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2976181284-417918914
                                                                                                                                                                                                            • Opcode ID: b020425123e7751ecc4845d4cb89dc98c0d46c5ed44ca66f43f3d0d0de807718
                                                                                                                                                                                                            • Instruction ID: 247a056210f3913637f28eaf26b171173bd52e5ba86125426f99b17d737267b3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b020425123e7751ecc4845d4cb89dc98c0d46c5ed44ca66f43f3d0d0de807718
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631A231A0061DFFCB04DE69DC859AABBA9FB08760B05C229FA15E7651D730ED108BE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00E131DD
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00E131F9
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00E13280
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E1328B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                            • String ID: xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 760788290-1270936966
                                                                                                                                                                                                            • Opcode ID: cf111e03b41da6c152782e5a9878b13de6ca38761723fc9452a5f159c99c2291
                                                                                                                                                                                                            • Instruction ID: a514b23dd5830e35ddeeaa5dab2160c25425d238c0fdab6ecbd9137bacecf741
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf111e03b41da6c152782e5a9878b13de6ca38761723fc9452a5f159c99c2291
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED218271900219EFCB10EBA8C848EEEBBB9AF49714F154198F915B7220CB319E45CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(00DD533D,00DD53B5,00000000,00000000,?,00DE9EE4,00000000,00000000,00DD533D,00000000,00DD52B5,00000000,?,?,00DDD4AC,00DD533D), ref: 00DD4021
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE9EE4,00000000,00000000,00DD533D,00000000,00DD52B5,00000000,?,?,00DDD4AC,00DD533D,00000000,00000000), ref: 00DD402F
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00DD533D,00DD53B5,00DD5381,?,00DE9EE4,00000000,00000000,00DD533D,00000000,00DD52B5,00000000,?,?,00DDD4AC,00DD533D,00000000), ref: 00DD4097
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE9EE4,00000000,00000000,00DD533D,00000000,00DD52B5,00000000,?,?,00DDD4AC,00DD533D,00000000,00000000), ref: 00DD40A1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                            • String ID: dirutil.cpp
                                                                                                                                                                                                            • API String ID: 1375471231-2193988115
                                                                                                                                                                                                            • Opcode ID: 8c6d4f64c782fc570836799d3f6b3f9bbce0608f3d8b144a4afa7e61e6967155
                                                                                                                                                                                                            • Instruction ID: ab1f90eb93b5505e30990b59c96e968d405d538240833ea464f4cc73e1d80e90
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c6d4f64c782fc570836799d3f6b3f9bbce0608f3d8b144a4afa7e61e6967155
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8110336600321EBEB311AA25C44B7BB698EF54BA0F158127FF46EB390D7708C0592F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00DD4E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00E10927
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DD4E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00E10935
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                                                            • String ID: procutil.cpp
                                                                                                                                                                                                            • API String ID: 1211598281-1178289305
                                                                                                                                                                                                            • Opcode ID: 66ed1b37b502f82af04cee76ad8d2ebcfbd01ee7448c07dcfbe007355c31933d
                                                                                                                                                                                                            • Instruction ID: 28cb44199075d7f8efd1eda30e431f3dd348a565cf63fc1c231257faef6a4405
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66ed1b37b502f82af04cee76ad8d2ebcfbd01ee7448c07dcfbe007355c31933d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 45118272E00325EFEB109FA68C04ADB7A94EB88360F118216FD15F7251D2748D8096E5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DF114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00DF077D,?,?,?), ref: 00DF1177
                                                                                                                                                                                                              • Part of subcall function 00DF114F: GetLastError.KERNEL32(?,00DF077D,?,?,?), ref: 00DF1181
                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 00DF078B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DF0795
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to read during cabinet extraction., xrefs: 00DF07C3
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF07B9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                                                            • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2170121939-2426083571
                                                                                                                                                                                                            • Opcode ID: 177e217eb39d53e5cc2954ac64eae9730a97248c704273355c3e8aa8cada59fe
                                                                                                                                                                                                            • Instruction ID: 1302b5b981ce2a5d10eba6c0993a814d990f30fe74cc5b8441e875a1223b1424
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 177e217eb39d53e5cc2954ac64eae9730a97248c704273355c3e8aa8cada59fe
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A018E72A01628BBDB109FA9DC04E9A7BA9FF08760F014129FE09E7650D7319A109BE4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00DF077D,?,?,?), ref: 00DF1177
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DF077D,?,?,?), ref: 00DF1181
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to move to virtual file pointer., xrefs: 00DF11AF
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF11A5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2976181284-3005670968
                                                                                                                                                                                                            • Opcode ID: 15c9260187227ff4daa142d8f47b42e24c839061178c919e75333a242f3eb5ed
                                                                                                                                                                                                            • Instruction ID: 6e51ab4273b16e28fe73d8de7fbfe0120d5dcf844ecb0f41e897ac1e0a75c2d2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15c9260187227ff4daa142d8f47b42e24c839061178c919e75333a242f3eb5ed
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8901A236601739FBD7115A669C04ED7BF99EF417A0B12C12AFE08A6550D7259C10C6E4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00E13E5E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E13EC1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastRead
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 1948546556-2967768451
                                                                                                                                                                                                            • Opcode ID: 1d0b2dd7ed15f4fe49f0568382a284cb49b5a8f662c0f328fac4a6d17f52a983
                                                                                                                                                                                                            • Instruction ID: efabe8be1833bf12a7a9a5202ff603be10b64607039b8ee8db0980e9c8d73f18
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d0b2dd7ed15f4fe49f0568382a284cb49b5a8f662c0f328fac4a6d17f52a983
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9414C71E003699BDB21CE69C8407EAB7A5FF48751F0091AAE949F7240D7B49EC48FA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00DD1104,?,?,00000000), ref: 00DD503A
                                                                                                                                                                                                            • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00DD1104,?,?,00000000), ref: 00DD506A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareStringlstrlen
                                                                                                                                                                                                            • String ID: burn.clean.room
                                                                                                                                                                                                            • API String ID: 1433953587-3055529264
                                                                                                                                                                                                            • Opcode ID: e0938f679cf78ae3b70dabbf686521a10679d56670eb49f8c72367e84b019bb9
                                                                                                                                                                                                            • Instruction ID: f78f0156d720b58c051c3b1f13a5e70d3a701270d097ff606b222ebd877a1960
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0938f679cf78ae3b70dabbf686521a10679d56670eb49f8c72367e84b019bb9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0016273600629AE83245B5AA888D73BF6CFB18750718412BF985E2714D3719C84C7F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00E13E85,?,?,?), ref: 00E14D12
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00E13E85,?,?,?), ref: 00E14D1C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 442123175-2967768451
                                                                                                                                                                                                            • Opcode ID: 007faf06eb8947e0f41bd4e52d96a0574540725aa24e09581533adfe0b7d0425
                                                                                                                                                                                                            • Instruction ID: 9b64809b94e4ee8fcfb93f856fb774998ec55367e57e96e4db9a0d884a7578e1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 007faf06eb8947e0f41bd4e52d96a0574540725aa24e09581533adfe0b7d0425
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79F081B2601229BBDB109E9ADC45EDBBBADFB44761F014116FD04E7140D630AE0086F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00DE8564,00000000,00000000,00000000,00000000,00000000), ref: 00E147EB
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DE8564,00000000,00000000,00000000,00000000,00000000), ref: 00E147F5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 2976181284-2967768451
                                                                                                                                                                                                            • Opcode ID: 86e0e7e88ff2073537ca747620427e53db95a141fccb451722dca132d7a7730d
                                                                                                                                                                                                            • Instruction ID: 3ba9da5c142eb183d2546038e7506cabaf3713e5c179bb751527bb68d6d992b6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86e0e7e88ff2073537ca747620427e53db95a141fccb451722dca132d7a7730d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97F01D71A00259AF9B149F959C09DEB7BA8EB08754F018119BD05E7250D631DD50D6E1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00DD3829
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD3833
                                                                                                                                                                                                            • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 00DD389B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1230559179-0
                                                                                                                                                                                                            • Opcode ID: 25835d97857320152df065a45098256c1903ee6d6adaa4cd6d35607c193a970d
                                                                                                                                                                                                            • Instruction ID: b79fd0409c27b4f6a81ea81fc86ec76e22aa1981eaf503e8dafdb7d93892e301
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25835d97857320152df065a45098256c1903ee6d6adaa4cd6d35607c193a970d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 252198B2D0132967EB209F65DC49F9A776CDB04720F1541B6BE04E7341EA30EE489AF1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00DD3B34,00000000,?,00DD1472,00000000,80004005,00000000,80004005,00000000,000001C7,?,00DD13B7), ref: 00DD39A3
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,00DD3B34,00000000,?,00DD1472,00000000,80004005,00000000,80004005,00000000,000001C7,?,00DD13B7,000001C7,00000100), ref: 00DD39AA
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD3B34,00000000,?,00DD1472,00000000,80004005,00000000,80004005,00000000,000001C7,?,00DD13B7,000001C7,00000100,?), ref: 00DD39B4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 406640338-0
                                                                                                                                                                                                            • Opcode ID: f1e660f32126c1287c52928a00b5ad0843a748f7eee65b33fcdd864950c6d59e
                                                                                                                                                                                                            • Instruction ID: 34863f932bddffcec998323a5c18400fc017b7221c1fdb928a57d6dbf6a96624
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1e660f32126c1287c52928a00b5ad0843a748f7eee65b33fcdd864950c6d59e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFD012727012346BC7102FFB5C0C6D7BE9CEF095A1B028022FD05E6110D725891486F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                            • String ID: regutil.cpp
                                                                                                                                                                                                            • API String ID: 71445658-955085611
                                                                                                                                                                                                            • Opcode ID: 33cc6ecb5905741ad9498bd1d630b982a11e9bba1d7c00336c9511e715a429fc
                                                                                                                                                                                                            • Instruction ID: 05cca62ad4ac9bdcc854a50b1c44beb004a0be8d6ac8ba083e7527e7279067c8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33cc6ecb5905741ad9498bd1d630b982a11e9bba1d7c00336c9511e715a429fc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61F0A772701235BBDF2549675C04BE77D85EF446A0F118525BD49EA261D671CC50D2E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,000001C7,?,?,00DD227D,?,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000), ref: 00DD3A86
                                                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(00000000,?,00DD227D,?,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3A8D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1357844191-0
                                                                                                                                                                                                            • Opcode ID: 9a9744556ee49b7f24bd6071ace29890c3e85f237beae43112a66b87c68b56e1
                                                                                                                                                                                                            • Instruction ID: 28162f4cc6c34fe8dbb7d6899843fdef88cab0550d4a1db7a2b14e4f0278e02a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a9744556ee49b7f24bd6071ace29890c3e85f237beae43112a66b87c68b56e1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FCD0C972290209BFCF005FE9DC09DEE3BACEB586127008405B915D6110C739E4649A60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00E134CE
                                                                                                                                                                                                              • Part of subcall function 00E12F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00E134DF,00000000,?,00000000), ref: 00E12F3D
                                                                                                                                                                                                              • Part of subcall function 00E12F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00DFBDED,?,00DD52FD,?,00000000,?), ref: 00E12F49
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 52713655-0
                                                                                                                                                                                                            • Opcode ID: 7a51871356e732c0972431294c5e882091d4c0fc5b436c82d0b9e300d2220a77
                                                                                                                                                                                                            • Instruction ID: dbbd9846d89a7df5e592183bc1e6f335e9c88682b43ef439e70aa520aa3e5832
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a51871356e732c0972431294c5e882091d4c0fc5b436c82d0b9e300d2220a77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A311976E006299BCB11DFA8C884AEEB7F9EF08710F01556AED15FB211D6709E448BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80070490,00000000,80070490,00E3AAA0,00000000,80070490,00000000,?,00DE890E,WiX\Burn,PackageCache,00000000,00E3AAA0,00000000,00000000,80070490), ref: 00E15782
                                                                                                                                                                                                              • Part of subcall function 00E10F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00E10FE4
                                                                                                                                                                                                              • Part of subcall function 00E10F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00E1101F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue$Close
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1979452859-0
                                                                                                                                                                                                            • Opcode ID: dee7223940dc3f29b97d9bbb7d592589ba4b87e843b5e6763a1ff79e4a6a18de
                                                                                                                                                                                                            • Instruction ID: 36955f3df7b982f59e52daa824166e2cd8cc6dd265ad1e911273f52a307b904f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dee7223940dc3f29b97d9bbb7d592589ba4b87e843b5e6763a1ff79e4a6a18de
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C111A077800629EB8B21AEA4DC869EEB66AEB84324B15523AED5177150C3314DD0DAD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00DE89CA,0000001C,80070490,00000000,00000000,80070490), ref: 00DD34E5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1514166925-0
                                                                                                                                                                                                            • Opcode ID: f8cf51e62c62a6ed2716d38bca9b53995609e5313df8ac284924cfd2ff259541
                                                                                                                                                                                                            • Instruction ID: 7e3225d06f843d05e2dbfd0a0b9bbc060605ad66be49187d517455b81376923a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8cf51e62c62a6ed2716d38bca9b53995609e5313df8ac284924cfd2ff259541
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DE05B763012257BE7022E735C05DEB7B9CDF157507008053FE50E6210E775E91487B1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,00000000,00DD547B,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E12DDD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                            • Opcode ID: f236f82a7755825202535cf83b0c3fef6e1f8ccc8449578a0c4ca6d66dec1c08
                                                                                                                                                                                                            • Instruction ID: 7cff7d50f8514815e95c3d9202a9fe58915c2aca494a2dcbea7fcdb4580fec37
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f236f82a7755825202535cf83b0c3fef6e1f8ccc8449578a0c4ca6d66dec1c08
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DEE0E3B592A62C9F8B10CF5BBD4A5527FB8B748B40311565BF602E2262C3B084488F90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,00DD21B8,?,00000000,?,00000000,?,00DD38BD,00000000,?,00000104), ref: 00DD14E4
                                                                                                                                                                                                              • Part of subcall function 00DD3B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,00DD21DC,000001C7,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3B59
                                                                                                                                                                                                              • Part of subcall function 00DD3B51: HeapSize.KERNEL32(00000000,?,00DD21DC,000001C7,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3B60
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3492610842-0
                                                                                                                                                                                                            • Opcode ID: 69e1dc2a389e161769e8d08fdf9485f553dbfb90222878732da17664c0942a4a
                                                                                                                                                                                                            • Instruction ID: e082002b59fe25024c1040cc97cf5309313661e1bf3210e71daddde6708d3fe7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69e1dc2a389e161769e8d08fdf9485f553dbfb90222878732da17664c0942a4a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF01F53B240218BFCF215E54EC44F9E77A5EF41760F258226FA259B260D731DD5086B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00DDB01A
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00E1CA64,000000FF,DirectorySearch,000000FF,00E1CA64,Condition,feclient.dll,00E1CA64,Variable,?,00E1CA64,00E1CA64,?,?), ref: 00DDA927
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 00DDA97C
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 00DDA998
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 00DDA9BC
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 00DDAA0F
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00DDAA29
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 00DDAA51
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 00DDAA8F
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 00DDAAAE
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKLM,000000FF), ref: 00DDAACD
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,msi.dll,?,Type,?,?,Value,version.dll,?), ref: 00DDAB8B
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 00DDABA5
                                                                                                                                                                                                              • Part of subcall function 00E131C7: VariantInit.OLEAUT32(?), ref: 00E131DD
                                                                                                                                                                                                              • Part of subcall function 00E131C7: SysAllocString.OLEAUT32(?), ref: 00E131F9
                                                                                                                                                                                                              • Part of subcall function 00E131C7: VariantClear.OLEAUT32(?), ref: 00E13280
                                                                                                                                                                                                              • Part of subcall function 00E131C7: SysFreeString.OLEAUT32(00000000), ref: 00E1328B
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,cabinet.dll), ref: 00DDAC04
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 00DDAC26
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00DDAC46
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 00DDAD1E
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00DDAEFC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Compare$Free$HeapVariant$AllocAllocateClearInitProcess
                                                                                                                                                                                                            • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$cabinet.dll$clbcatq.dll$comres.dll$directory$exists$feclient.dll$keyPath$language$msi.dll$numeric$path$search.cpp$state$string$value$version$version.dll$wininet.dll
                                                                                                                                                                                                            • API String ID: 2748437055-1695159631
                                                                                                                                                                                                            • Opcode ID: 1ff9305e354a7303a9fe9e3f02e837fd1b4d1bc9a1348428f11f042aaba08d9a
                                                                                                                                                                                                            • Instruction ID: bb285c2858dd2779840e1682d1fd809cabe24fa3980211e9836862581f6bda3a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ff9305e354a7303a9fe9e3f02e837fd1b4d1bc9a1348428f11f042aaba08d9a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D422BB71A89336BECB219B688C41DEEBA659F05730F309352F934B63D1D7709E80D6A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00E1166B
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E11675
                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00E116C2
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E116C8
                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 00E11702
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E11708
                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 00E11748
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E1174E
                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 00E1178E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E11794
                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 00E117D4
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E117DA
                                                                                                                                                                                                            • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 00E118BD
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 00E119DC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CreateKnownWell$DescriptorEntriesFreeInitializeLocalSecurity
                                                                                                                                                                                                            • String ID: srputil.cpp
                                                                                                                                                                                                            • API String ID: 3627156773-4105181634
                                                                                                                                                                                                            • Opcode ID: 51939facdb6feec07335317d169459471601ccb9a7e609851cd8503651d3d836
                                                                                                                                                                                                            • Instruction ID: 3fc8861adccc0ca2720240cb123385121dbaeeea83c00eff429dcc80511ed060
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51939facdb6feec07335317d169459471601ccb9a7e609851cd8503651d3d836
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93B14972D4132CAEEB209F659D44BEB76FCEF08740F0141A6ED19F6150E7705E848AB4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DDD39D: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00DE6E4B,000000B8,00000000,?,00000000,76D695A0), ref: 00DDD3AC
                                                                                                                                                                                                              • Part of subcall function 00DDD39D: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 00DDD3BB
                                                                                                                                                                                                              • Part of subcall function 00DDD39D: LeaveCriticalSection.KERNEL32(000000D0,?,00DE6E4B,000000B8,00000000,?,00000000,76D695A0), ref: 00DDD3D0
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 00DE6D9A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00DE6DA3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00DD4740,?,00000000,?,00000000,00000001,00000000), ref: 00DE6DC0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Engine cannot start apply because it is busy with another action., xrefs: 00DE6A2F
                                                                                                                                                                                                            • Failed to elevate., xrefs: 00DE6BA5
                                                                                                                                                                                                            • Another per-machine setup is already executing., xrefs: 00DE6BD9
                                                                                                                                                                                                            • Failed to set initial apply variables., xrefs: 00DE6B18
                                                                                                                                                                                                            • Failed while caching, aborting execution., xrefs: 00DE6CA8
                                                                                                                                                                                                            • UX aborted apply begin., xrefs: 00DE6AA6
                                                                                                                                                                                                            • core.cpp, xrefs: 00DE6A9C, 00DE6C76
                                                                                                                                                                                                            • Failed to cache engine to working directory., xrefs: 00DE6B7F
                                                                                                                                                                                                            • Failed to register bundle., xrefs: 00DE6C00
                                                                                                                                                                                                            • Another per-user setup is already executing., xrefs: 00DE6AF1
                                                                                                                                                                                                            • crypt32.dll, xrefs: 00DE6CD2
                                                                                                                                                                                                            • Failed to create cache thread., xrefs: 00DE6C80
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCriticalHandleSection$CompareEnterExchangeInterlockedLeaveMutexRelease
                                                                                                                                                                                                            • String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                                                                                                                            • API String ID: 322611130-4292671789
                                                                                                                                                                                                            • Opcode ID: 381ff4e734fd2a47e43be0953f8dbbc994fd1c3f4447ff2035a7abe85f74e6a5
                                                                                                                                                                                                            • Instruction ID: f12e79c80fda1ba17a28c97684a483c3d5670a2a99ea02ed55f20d47109f5788
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 381ff4e734fd2a47e43be0953f8dbbc994fd1c3f4447ff2035a7abe85f74e6a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DBC1E271A0165AFFDB19AFA1CC45BEEB7B8FF14354F04422AF605A6140DB70E9548BB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 00DD4512
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00DD4519
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00DD4523
                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00DD4573
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD457D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00DD4677
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
                                                                                                                                                                                                            • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                                                                                                                            • API String ID: 4232854991-1583736410
                                                                                                                                                                                                            • Opcode ID: 47775e626c255ef8bdc4fc70e448773dae31a5afa5643f0694346808fd696aeb
                                                                                                                                                                                                            • Instruction ID: 3e6831c5de50c701f9a895361c222fb30597c574521d1750b41b1a136c85894a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47775e626c255ef8bdc4fc70e448773dae31a5afa5643f0694346808fd696aeb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC41E472A40324FFEB209FBA9C49BFB76A8EB05750F114126FE06F6290D6348D4486F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 00DE4D16
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,00DD442A,?), ref: 00DE4D1F
                                                                                                                                                                                                            • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,00DD442A,?), ref: 00DE4DC0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD442A,?), ref: 00DE4DCD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,00DD442A,?), ref: 00DE4E93
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00DD442A,?), ref: 00DE4EC1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\.\pipe\%ls.Cache, xrefs: 00DE4E14
                                                                                                                                                                                                            • pipe.cpp, xrefs: 00DE4D43, 00DE4DF1, 00DE4E77
                                                                                                                                                                                                            • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 00DE4D11
                                                                                                                                                                                                            • \\.\pipe\%ls, xrefs: 00DE4D77
                                                                                                                                                                                                            • Failed to allocate full name of cache pipe: %ls, xrefs: 00DE4E2A
                                                                                                                                                                                                            • Failed to allocate full name of pipe: %ls, xrefs: 00DE4D8D
                                                                                                                                                                                                            • Failed to create pipe: %ls, xrefs: 00DE4DFE, 00DE4E84
                                                                                                                                                                                                            • Failed to create the security descriptor for the connection event and pipe., xrefs: 00DE4D4D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DescriptorErrorLastSecurity$CloseConvertCreateFreeHandleLocalNamedPipeString
                                                                                                                                                                                                            • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                                                                            • API String ID: 3065245045-3253666091
                                                                                                                                                                                                            • Opcode ID: b4605d11a8d2243ba4eb44fd67ce58528be3e349604fbaf22ade53245804f700
                                                                                                                                                                                                            • Instruction ID: bba1f454283c321ba3c8fca5bc04110b7a7527e54259d1cb26aadf3d03d51462
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4605d11a8d2243ba4eb44fd67ce58528be3e349604fbaf22ade53245804f700
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB51C272E40324FFEB11AFA6AC46BEEBAA4EF04710F114126FD11F61D0D3754E849AA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,00DE9CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0), ref: 00E0F9C6
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E0F9D0
                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 00E0FA0D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E0FA17
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 00E0FAC9
                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00E0FAE0
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E0FAFB
                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 00E0FB33
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E0FB3D
                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 00E0FB76
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E0FB84
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CryptErrorLast$Hash$Context$AcquireCreateDestroyFileParamPointerRelease
                                                                                                                                                                                                            • String ID: cryputil.cpp
                                                                                                                                                                                                            • API String ID: 1716956426-2185294990
                                                                                                                                                                                                            • Opcode ID: cc25f7b02fd9e7656cdf5064f07bc02f209474d0099f8fdbd250e2e3f609039a
                                                                                                                                                                                                            • Instruction ID: 111d4eafeec4dc1a34b9ed8088e7f49f7d2eea2c621ad0d1e7999801d3750be5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc25f7b02fd9e7656cdf5064f07bc02f209474d0099f8fdbd250e2e3f609039a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7517532E40264EFEB319F668C04BE776E8EB08751F018165FE4DF6190D7748DD49AA4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to copy install arguments for related bundle package, xrefs: 00DFC34C
                                                                                                                                                                                                            • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 00DFC40C
                                                                                                                                                                                                            • Failed to allocate memory for dependency providers., xrefs: 00DFC481
                                                                                                                                                                                                            • pseudobundle.cpp, xrefs: 00DFC141, 00DFC17A, 00DFC269, 00DFC475
                                                                                                                                                                                                            • -%ls, xrefs: 00DFC114
                                                                                                                                                                                                            • Failed to copy key for pseudo bundle., xrefs: 00DFC30A
                                                                                                                                                                                                            • Failed to copy cache id for pseudo bundle., xrefs: 00DFC327
                                                                                                                                                                                                            • Failed to copy repair arguments for related bundle package, xrefs: 00DFC398
                                                                                                                                                                                                            • Failed to copy display name for pseudo bundle., xrefs: 00DFC4F2
                                                                                                                                                                                                            • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 00DFC14D
                                                                                                                                                                                                            • Failed to copy download source for pseudo bundle., xrefs: 00DFC231
                                                                                                                                                                                                            • Failed to copy uninstall arguments for related bundle package, xrefs: 00DFC3EB
                                                                                                                                                                                                            • Failed to copy local source path for pseudo bundle., xrefs: 00DFC203
                                                                                                                                                                                                            • Failed to append relation type to install arguments for related bundle package, xrefs: 00DFC371
                                                                                                                                                                                                            • Failed to append relation type to repair arguments for related bundle package, xrefs: 00DFC3B9
                                                                                                                                                                                                            • Failed to copy version for pseudo bundle., xrefs: 00DFC4D0
                                                                                                                                                                                                            • Failed to allocate memory for pseudo bundle payload hash., xrefs: 00DFC275
                                                                                                                                                                                                            • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 00DFC186
                                                                                                                                                                                                            • Failed to copy filename for pseudo bundle., xrefs: 00DFC1DF
                                                                                                                                                                                                            • Failed to copy key for pseudo bundle payload., xrefs: 00DFC1BB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                            • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                                                                                                                                                            • API String ID: 1357844191-2832335422
                                                                                                                                                                                                            • Opcode ID: 469274487225195b4b325cbcbcb1b8f5cf5fe0dd2ffb3424b5f2cb3d4a3f6db5
                                                                                                                                                                                                            • Instruction ID: 9e0983fe470e104ce4cbb1be3af60124cc2fe13988a46074aa372180e4afdd60
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 469274487225195b4b325cbcbcb1b8f5cf5fe0dd2ffb3424b5f2cb3d4a3f6db5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1C1C271A1075EBBDB159F64C951E7A76A8EF08710B069125FE05EB341DB70EC209BB0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • copying, xrefs: 00DE9E27
                                                                                                                                                                                                            • Failed to concat complete cached path., xrefs: 00DE9CEF
                                                                                                                                                                                                            • Failed to create unverified path., xrefs: 00DE9D69
                                                                                                                                                                                                            • moving, xrefs: 00DE9E2C, 00DE9E34
                                                                                                                                                                                                            • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 00DE9DC6
                                                                                                                                                                                                            • Failed to reset permissions on unverified cached payload: %ls, xrefs: 00DE9DEC
                                                                                                                                                                                                            • Failed to transfer working path to unverified path for payload: %ls., xrefs: 00DE9D9F
                                                                                                                                                                                                            • Failed to get cached path for package with cache id: %ls, xrefs: 00DE9CC3
                                                                                                                                                                                                            • Failed to move verified file to complete payload path: %ls, xrefs: 00DE9E68
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                                                                                                                                                            • API String ID: 0-1289240508
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00E3B60C,00000000,?,?,?,?,00DF1014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00E0FDF0
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,00DF1014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00E0FE00
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E0FE09
                                                                                                                                                                                                            • GetLocalTime.KERNEL32(8007139F,?,00DF1014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00E0FE1F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00E3B60C,?,00000000,00000000,0000FDE9), ref: 00E0FF12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                                                            • String ID: $c$%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$(c$,c$0c$0c
                                                                                                                                                                                                            • API String ID: 296830338-1388579833
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetVersionExW.KERNEL32(0000011C), ref: 00DD61D2
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD61DC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastVersion
                                                                                                                                                                                                            • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            • API String ID: 305913169-1971907631
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,?,?,*.*,?,?,?,00000000,.unverified,?), ref: 00DE99ED
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00DE9A14
                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00DE9A74
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00DE9A7F
                                                                                                                                                                                                              • Part of subcall function 00DD3BC3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00DD3C3F
                                                                                                                                                                                                              • Part of subcall function 00DD3BC3: GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DD3C52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                                                                                                                            • String ID: *.*$.unverified
                                                                                                                                                                                                            • API String ID: 457978746-2528915496
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 00E18788
                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 00E1879A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • feclient.dll, xrefs: 00E18762
                                                                                                                                                                                                            • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 00E18771
                                                                                                                                                                                                            • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 00E187E3
                                                                                                                                                                                                            • crypt32.dll, xrefs: 00E18758
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                                                                                                                            • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                                                                                                                                                                            • API String ID: 1772835396-1985132828
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastNameUser
                                                                                                                                                                                                            • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            • API String ID: 2054405381-1522884404
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000900,?,00000000,00000000,00000000,00000000,?,00000000,?,?,00E103EC,?,00000000,?,?,00000001), ref: 00E0FD3F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E103EC,?,00000000,?,?,00000001,?,00DD5523,?,?,00000000,?,?,00DD528D,00000002), ref: 00E0FD4B
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,00E103EC,?,00000000,?,?,00000001,?,00DD5523,?,?), ref: 00E0FDB3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                            • String ID: logutil.cpp
                                                                                                                                                                                                            • API String ID: 1365068426-3545173039
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DF68EF,00000000,00000003), ref: 00DF695C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DF68EF,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,00DF6CE1,?), ref: 00DF6966
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set service start type., xrefs: 00DF6994
                                                                                                                                                                                                            • msuengine.cpp, xrefs: 00DF698A
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ChangeConfigErrorLastService
                                                                                                                                                                                                            • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                                                                                                                            • API String ID: 1456623077-1628545019
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                            • API String ID: 0-2761157908
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00DFE632
                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00000017,?), ref: 00DFE6FA
                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,00000017,?), ref: 00DFE719
                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,00000017,?), ref: 00DFE723
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00DFE2A7,00E30BF4,00000017), ref: 00DFE18D
                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00E30BF4,?,00DFE2A7,00E30BF4,00000017), ref: 00DFE196
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00DFE2A7,00E30BF4,00000017), ref: 00DFE1A1
                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00DFE2A7,00E30BF4,00000017), ref: 00DFE1A8
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00E1963E
                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 00E19659
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoQuerySystemVirtual
                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                            • API String ID: 401686933-2746444292
                                                                                                                                                                                                            • Opcode ID: 6ce185b9dd64b905f123ad04f418753aca99f1d34087ba4907e28b43025d3f47
                                                                                                                                                                                                            • Instruction ID: 33720d448b86428d7362c91d4db9cfc45d9f1a2a3930f3570195f17c195f4de4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ce185b9dd64b905f123ad04f418753aca99f1d34087ba4907e28b43025d3f47
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE01F732A00109AFCF14DE65CC14BEEBBE8AF88324F088129ED5AE7151DB34E856C790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00E03CA8
                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00E03CB2
                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 00E03CBF
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                            • Opcode ID: 1e150a8e2edc5dbaec11349172a293637176ea82c9ed6c5ac63d7fb80d0478e1
                                                                                                                                                                                                            • Instruction ID: 3cc957ebba13f6c5f6267a8ae3b4ba665f61849f5f253804e38fb8bb250e61d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e150a8e2edc5dbaec11349172a293637176ea82c9ed6c5ac63d7fb80d0478e1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E31B57590121CABCB21DF65D9897DDBBB8EF08310F5081EAE41CA7261EB709F858F54
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00DFE9C0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2325560087-3916222277
                                                                                                                                                                                                            • Opcode ID: 06f468b7ef2bd456e1c982b3350a6a46543b806b26acfed48b53863687af551c
                                                                                                                                                                                                            • Instruction ID: c21638ec31fe81b893f44b9cda0fff82e05ac4395fe232ec84e60df6ce97bc2b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06f468b7ef2bd456e1c982b3350a6a46543b806b26acfed48b53863687af551c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8417F7190031D9FDB18CF5AD88A7AABBF5FB48314F19812AD505E72A0D3749984CF61
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                                                            • Opcode ID: a4ac353d9f9ac09add5b6e431deb6e89291edd269ecce7dc36dcdb5912588bff
                                                                                                                                                                                                            • Instruction ID: 63ee32499b090900f071c19a31b14adb23720394db23bc03905a0b7aab1d5f29
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4ac353d9f9ac09add5b6e431deb6e89291edd269ecce7dc36dcdb5912588bff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6412872A002196ECB249FB9DC89DBB77B9EB84314F504269F955E71C0E630AEC1CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E13AC9: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00E1396A,?), ref: 00E13B3A
                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00E1398E
                                                                                                                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00E1399F
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2114926846-0
                                                                                                                                                                                                            • Opcode ID: 0bd8886f9aefad8c716690f6f05c794a3cd3a999179c1fe7fff0249bd6300c8d
                                                                                                                                                                                                            • Instruction ID: 9cf4b056bd6f94221129b62f5db9b8d53b3cf5bd827a5f09b7d35404ca35220e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bd8886f9aefad8c716690f6f05c794a3cd3a999179c1fe7fff0249bd6300c8d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD1127B190021AEFDB10DFA5CC85AEFBBB8FF08304F50582DA555B6181E7709A88CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00DF8FFA,?,000002C0,00000000,00000000), ref: 00E14350
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00E1435C
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                            • Opcode ID: fa800d378f3766f8cb76433c158a7a92ce63fa566f7149b257cfd0e8377f80e4
                                                                                                                                                                                                            • Instruction ID: 12a90a88443ddd8e0e55c2902be288de864d8daf524ca1341b22e1a7aad4e78f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa800d378f3766f8cb76433c158a7a92ce63fa566f7149b257cfd0e8377f80e4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F601D67260010CABDB10EF6A9D899AAB7ADEBC5315F004165F958E3280DB305E8D8B60
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 0$comres.dll
                                                                                                                                                                                                            • API String ID: 0-3030269839
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E0ED47,?,?,00000008,?,?,00E0E9E7,00000000), ref: 00E0EF79
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?,00000000,?,?,?), ref: 00E185A7
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: SystemTime
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2656138-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0002E77F,00DFDEF8), ref: 00DFE778
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                            • Opcode ID: 25ec0348e20312b1c3f4f511f8af2c2c74f21a04a1ad7d70df445219e12f31d1
                                                                                                                                                                                                            • Instruction ID: 3b5b5bf2652f26a93f3703afe0ef11660dea5669ad5970a27f54f7b258cb49ed
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25ec0348e20312b1c3f4f511f8af2c2c74f21a04a1ad7d70df445219e12f31d1
                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 10bf15bf4787c4fef12fb02cfbb7361812c131d2ec4ed47a9ec1b79459b86c31
                                                                                                                                                                                                            • Instruction ID: 6005628ac0cf3d44c00f9ece10be8f3ddb03a31a48b795251de3a461f0079b08
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10bf15bf4787c4fef12fb02cfbb7361812c131d2ec4ed47a9ec1b79459b86c31
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E80216322055A309CB2D4B79D47023A7BA06E623B571E936DD8F7DF0D6EE20D9A4D620
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: eb5ef6380223df80c09fbffff4406c54564286920eb9de1bd108dda9bf4439f2
                                                                                                                                                                                                            • Instruction ID: c680165642b34a5a5bdce93c2e72b8a84b1de2162994c33696a2860cb491619b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb5ef6380223df80c09fbffff4406c54564286920eb9de1bd108dda9bf4439f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB022C71E002199FDF14CFA9D8906ADB7F1FF48314F29926AD919F7280D731AA81CB91
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                                                                                                            • Instruction ID: 36ab60889d1df97143cd83c821212b165a1204ff4681c9c1255171216ce23096
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82C1F5322051A309DF2D4679E43433EFAB16EA27B571A736DD4B3EB0D5EE20C5A4D620
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                                                                                                            • Instruction ID: f0aab7efd29500857d243b6a3f1068d9fbe2f96c1ca73a17ba68461504eb120b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51C109322051A30ADF2D4679E43433EFAB16EA27B571A375DD4B3EB0D5EE20C5A4C520
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000101,?,?,00020006,00000000,?,?,?), ref: 00DE0409
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                            • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.10.4.4718$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString
                                                                                                                                                                                                            • API String ID: 3535843008-3978993339
                                                                                                                                                                                                            • Opcode ID: 091b7f065ee023685e20409e43d3b05ccd430916e0bf34268f17131233c68094
                                                                                                                                                                                                            • Instruction ID: ca3efed4a26c4a884a90eea14deaf9376782feab5d61a949e2a2dedc35d608cd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 091b7f065ee023685e20409e43d3b05ccd430916e0bf34268f17131233c68094
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CEF1E631A40BB6FBCB226651DC02BADBEA5BF00710F051261FD04B6692D7B1EDE0D6E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,00DD5355,00000000,00E1CA64,00DD533D,00000000), ref: 00DDCDEC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 00DDD0AB
                                                                                                                                                                                                            • Failed to get @LayoutOnly., xrefs: 00DDD090
                                                                                                                                                                                                            • Failed to get @DownloadUrl., xrefs: 00DDD0E3
                                                                                                                                                                                                            • Hash, xrefs: 00DDCFB0
                                                                                                                                                                                                            • Failed to get @Hash., xrefs: 00DDD0DC
                                                                                                                                                                                                            • Failed to select payload nodes., xrefs: 00DDCCE4
                                                                                                                                                                                                            • download, xrefs: 00DDCDDE
                                                                                                                                                                                                            • DownloadUrl, xrefs: 00DDCED2
                                                                                                                                                                                                            • Failed to get @Container., xrefs: 00DDD086
                                                                                                                                                                                                            • Failed to parse @FileSize., xrefs: 00DDD09A
                                                                                                                                                                                                            • embedded, xrefs: 00DDCDFE
                                                                                                                                                                                                            • Failed to get @CertificateRootThumbprint., xrefs: 00DDD0C0
                                                                                                                                                                                                            • FilePath, xrefs: 00DDCDA4
                                                                                                                                                                                                            • Failed to get @FilePath., xrefs: 00DDD113
                                                                                                                                                                                                            • Failed to get @FileSize., xrefs: 00DDD0A4
                                                                                                                                                                                                            • Failed to get @SourcePath., xrefs: 00DDD0EA
                                                                                                                                                                                                            • Failed to get @Id., xrefs: 00DDD11A
                                                                                                                                                                                                            • Failed to get next node., xrefs: 00DDD121
                                                                                                                                                                                                            • Failed to find catalog., xrefs: 00DDD0C7
                                                                                                                                                                                                            • Failed to get payload node count., xrefs: 00DDCD09
                                                                                                                                                                                                            • Payload, xrefs: 00DDCCD1
                                                                                                                                                                                                            • LayoutOnly, xrefs: 00DDCE86
                                                                                                                                                                                                            • Packaging, xrefs: 00DDCDBF
                                                                                                                                                                                                            • Failed to allocate memory for payload structs., xrefs: 00DDCD42
                                                                                                                                                                                                            • FileSize, xrefs: 00DDCEFB
                                                                                                                                                                                                            • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 00DDD0B2
                                                                                                                                                                                                            • external, xrefs: 00DDCE1A
                                                                                                                                                                                                            • Catalog, xrefs: 00DDCFE5
                                                                                                                                                                                                            • Invalid value for @Packaging: %ls, xrefs: 00DDD0F9
                                                                                                                                                                                                            • CertificateRootThumbprint, xrefs: 00DDCF73
                                                                                                                                                                                                            • SourcePath, xrefs: 00DDCEA9
                                                                                                                                                                                                            • Failed to to find container: %ls, xrefs: 00DDD07F
                                                                                                                                                                                                            • CertificateRootPublicKeyIdentifier, xrefs: 00DDCF36
                                                                                                                                                                                                            • Container, xrefs: 00DDCE44
                                                                                                                                                                                                            • Failed to get @Catalog., xrefs: 00DDD0CE
                                                                                                                                                                                                            • Failed to get @Packaging., xrefs: 00DDD10C
                                                                                                                                                                                                            • payload.cpp, xrefs: 00DDCD38
                                                                                                                                                                                                            • Failed to hex decode the Payload/@Hash., xrefs: 00DDD0D5
                                                                                                                                                                                                            • Failed to hex decode @CertificateRootThumbprint., xrefs: 00DDD0B9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateCompareProcessString
                                                                                                                                                                                                            • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$download$embedded$external$payload.cpp
                                                                                                                                                                                                            • API String ID: 1171520630-3127305756
                                                                                                                                                                                                            • Opcode ID: 738e9ce34d345268df4b49b3745b0042f7bd88038a433ffb7829dcb412d01015
                                                                                                                                                                                                            • Instruction ID: 05884942709da14541ab4acfa488b86f7d9402bbcf6b11f5f6c5eec16b6e016e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 738e9ce34d345268df4b49b3745b0042f7bd88038a433ffb7829dcb412d01015
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EC1A371D41726BACF219AA0CC42EEEBA65EF04720F145266F911B7290C775EE81D7E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00DD533D,?,00000000,80070490,?,?,?,?,?,?,?,?,00DFBF87,?,00DD533D,?), ref: 00DD837E
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00DD533D,?,?,?,?,?,?,?,?,00DFBF87,?,00DD533D,?,00DD533D,00DD533D,Chain), ref: 00DD86DB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to select variable nodes., xrefs: 00DD839B
                                                                                                                                                                                                            • Value, xrefs: 00DD843C
                                                                                                                                                                                                            • string, xrefs: 00DD84CE
                                                                                                                                                                                                            • Variable, xrefs: 00DD8388
                                                                                                                                                                                                            • Initializing numeric variable '%ls' to value '%ls', xrefs: 00DD84B9
                                                                                                                                                                                                            • Failed to set variant value., xrefs: 00DD8666
                                                                                                                                                                                                            • Failed to insert variable '%ls'., xrefs: 00DD859D
                                                                                                                                                                                                            • Initializing string variable '%ls' to value '%ls', xrefs: 00DD84F1
                                                                                                                                                                                                            • version, xrefs: 00DD8503
                                                                                                                                                                                                            • Failed to set variant encryption, xrefs: 00DD8674
                                                                                                                                                                                                            • Initializing version variable '%ls' to value '%ls', xrefs: 00DD852A
                                                                                                                                                                                                            • Failed to get @Hidden., xrefs: 00DD86BF
                                                                                                                                                                                                            • Type, xrefs: 00DD847A
                                                                                                                                                                                                            • numeric, xrefs: 00DD8493
                                                                                                                                                                                                            • Initializing hidden variable '%ls', xrefs: 00DD8548
                                                                                                                                                                                                            • Failed to set value of variable: %ls, xrefs: 00DD867E
                                                                                                                                                                                                            • Invalid value for @Type: %ls, xrefs: 00DD864F
                                                                                                                                                                                                            • Attempt to set built-in variable value: %ls, xrefs: 00DD869F
                                                                                                                                                                                                            • Failed to get @Id., xrefs: 00DD86C6
                                                                                                                                                                                                            • Failed to get next node., xrefs: 00DD86CD
                                                                                                                                                                                                            • Failed to get @Value., xrefs: 00DD866D
                                                                                                                                                                                                            • Failed to get variable node count., xrefs: 00DD83B8
                                                                                                                                                                                                            • Failed to find variable value '%ls'., xrefs: 00DD86A9
                                                                                                                                                                                                            • Failed to change variant type., xrefs: 00DD86B1
                                                                                                                                                                                                            • Failed to get @Persisted., xrefs: 00DD86B8
                                                                                                                                                                                                            • Hidden, xrefs: 00DD8406
                                                                                                                                                                                                            • Persisted, xrefs: 00DD8421
                                                                                                                                                                                                            • Failed to get @Type., xrefs: 00DD865F
                                                                                                                                                                                                            • variable.cpp, xrefs: 00DD8690
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                                                                                                                                                            • API String ID: 3168844106-1614826165
                                                                                                                                                                                                            • Opcode ID: 16f50b6bc3ce3d241a9a8545ded294489763f5db9ed22dd923f036c08d035c1e
                                                                                                                                                                                                            • Instruction ID: f8220dba02bba0fc6aefc1cd83504ae836d5d0d02594b70a1d86d916ae75d3a2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16f50b6bc3ce3d241a9a8545ded294489763f5db9ed22dd923f036c08d035c1e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08B1C472D40219BBCB129B94CC45EEEBBB5EF44720F214256F915B7391CB70DE90ABA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00DEBBCA,00000007,?,?,?), ref: 00DF6AD9
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00DD5D8F,00000000), ref: 00E109CF
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetProcAddress.KERNEL32(00000000), ref: 00E109D6
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetLastError.KERNEL32(?,?,?,00DD5D8F,00000000), ref: 00E109ED
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00DF6EC9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00DF6EDD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to determine WOW64 status., xrefs: 00DF6AEB
                                                                                                                                                                                                            • Failed to append SysNative directory., xrefs: 00DF6B36
                                                                                                                                                                                                            • WixBundleExecutePackageCacheFolder, xrefs: 00DF6BC4, 00DF6EF5
                                                                                                                                                                                                            • Failed to build MSU path., xrefs: 00DF6BEE
                                                                                                                                                                                                            • Failed to format MSU uninstall command., xrefs: 00DF6C42
                                                                                                                                                                                                            • Failed to append log path to MSU command-line., xrefs: 00DF6C8D
                                                                                                                                                                                                            • /log:, xrefs: 00DF6C5B
                                                                                                                                                                                                            • "%ls" "%ls" /quiet /norestart, xrefs: 00DF6C01
                                                                                                                                                                                                            • SysNative\, xrefs: 00DF6B23
                                                                                                                                                                                                            • Failed to ensure WU service was enabled to install MSU package., xrefs: 00DF6CE7
                                                                                                                                                                                                            • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 00DF6C2E
                                                                                                                                                                                                            • Failed to allocate WUSA.exe path., xrefs: 00DF6B6C
                                                                                                                                                                                                            • Failed to get cached path for package: %ls, xrefs: 00DF6BB5
                                                                                                                                                                                                            • Failed to CreateProcess on path: %ls, xrefs: 00DF6D53
                                                                                                                                                                                                            • 2, xrefs: 00DF6D6C
                                                                                                                                                                                                            • wusa.exe, xrefs: 00DF6B59
                                                                                                                                                                                                            • Failed to find System32 directory., xrefs: 00DF6B4E
                                                                                                                                                                                                            • Failed to get process exit code., xrefs: 00DF6DE5
                                                                                                                                                                                                            • msuengine.cpp, xrefs: 00DF6D46, 00DF6DDB, 00DF6E03
                                                                                                                                                                                                            • Failed to wait for executable to complete: %ls, xrefs: 00DF6E58
                                                                                                                                                                                                            • D, xrefs: 00DF6CF4
                                                                                                                                                                                                            • Failed to get action arguments for MSU package., xrefs: 00DF6B8F
                                                                                                                                                                                                            • Failed to format MSU install command., xrefs: 00DF6C15
                                                                                                                                                                                                            • Failed to find Windows directory., xrefs: 00DF6B18
                                                                                                                                                                                                            • Bootstrapper application aborted during MSU progress., xrefs: 00DF6E0D
                                                                                                                                                                                                            • Failed to append log switch to MSU command-line., xrefs: 00DF6C6F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                                                                                                                                                            • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuengine.cpp$wusa.exe
                                                                                                                                                                                                            • API String ID: 1400713077-4261965642
                                                                                                                                                                                                            • Opcode ID: 188b57888f88a1e06cd3c5be2f82283c36c5aaef63ed8714a14912393a8b863e
                                                                                                                                                                                                            • Instruction ID: 94ea248ec28846e0cd88670461aac9db63518ef08596c407a34b1767130cc729
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 188b57888f88a1e06cd3c5be2f82283c36c5aaef63ed8714a14912393a8b863e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85D19A75A4031EBADB11AFA8DC85AFE7AB8EF08704F118026B701F2561D7B4DE449B71
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 00E17407
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E175D0
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E1766D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$FreeHeap$AllocateCompareProcess
                                                                                                                                                                                                            • String ID: ($@$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                                                                                                                                                            • API String ID: 1555028553-2592408802
                                                                                                                                                                                                            • Opcode ID: 01fee602f7e7127df0470e8521a142e28195c9ed444b18dc53b8865ca6d811d4
                                                                                                                                                                                                            • Instruction ID: 1b13de1d7b42b2542250df4a8e474333409636bfe4d78e87341bcfd8ba8d3475
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01fee602f7e7127df0470e8521a142e28195c9ed444b18dc53b8865ca6d811d4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43B1C171908616BBCB119B68CC41FEEBBB5AB04B24F206355F561B72D1D770EE80CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00E33C78,000000FF,?,?,?), ref: 00E1707E
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 00E170A3
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00E170C3
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 00E170DF
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 00E17107
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00E17123
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 00E1715C
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 00E17195
                                                                                                                                                                                                              • Part of subcall function 00E16BF6: SysFreeString.OLEAUT32(00000000), ref: 00E16D2F
                                                                                                                                                                                                              • Part of subcall function 00E16BF6: SysFreeString.OLEAUT32(00000000), ref: 00E16D71
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E17219
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E172C9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Compare$Free
                                                                                                                                                                                                            • String ID: ($atomutil.cpp$author$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                                                                                                                            • API String ID: 318886736-4294603148
                                                                                                                                                                                                            • Opcode ID: 3408c69aee6908454402a68e45d073d260f84239a0cffda2f458ca5883bcd315
                                                                                                                                                                                                            • Instruction ID: 7e57b4ac727a4a8b86111c41c95e05a826a94d4ee08f95dea67cba8dfd371049
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3408c69aee6908454402a68e45d073d260f84239a0cffda2f458ca5883bcd315
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7A1BF71A08216BBCB219BA4CC41FEDBB74AB05B20F206355F561B61E1D770EE91DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000000,?,00E1B4F0,?,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE5304
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE530F
                                                                                                                                                                                                            • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE5346
                                                                                                                                                                                                            • ConnectNamedPipe.KERNEL32(?,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE535B
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE5365
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,?,00DD442A,?,00E1B4F0), ref: 00DE5396
                                                                                                                                                                                                            • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE53B9
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE53D4
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00DD442A,00E1B4F0,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE53EF
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE540A
                                                                                                                                                                                                            • ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE5425
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE547D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE54B1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE54E5
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE557B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                             • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                                                                                                                            • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                                                                            • API String ID: 2944378912-2047837012
                                                                                                                                                                                                            • Opcode ID: 3863eba2fc26cac7b984bc8fa4a027185942e7b0544844a756920478e0fdafe8
                                                                                                                                                                                                            • Instruction ID: fd9e5aae93a81ca5a10691b404ad16f3fc516931bf8159ad7a45f763b3ae080b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3863eba2fc26cac7b984bc8fa4a027185942e7b0544844a756920478e0fdafe8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F261D2B2E40725BAE710AABAAD45BEAB6E8EF04780F114125FD01F61D0D7748E048AF1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • UuidCreate.RPCRT4(?), ref: 00DFD2A7
                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 00DFD2D0
                                                                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?,?,?,?,?), ref: 00DFD3BC
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00DFD3C6
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 00DFD45B
                                                                                                                                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00DFD485
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00DFD493
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00DFD4CB
                                                                                                                                                                                                              • Part of subcall function 00DFD12C: WaitForSingleObject.KERNEL32(?,000000FF,769230B0,00000000,?,?,?,?,00DFD439,?), ref: 00DFD145
                                                                                                                                                                                                              • Part of subcall function 00DFD12C: ReleaseMutex.KERNEL32(?,?,?,?,00DFD439,?), ref: 00DFD161
                                                                                                                                                                                                              • Part of subcall function 00DFD12C: WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DFD1A4
                                                                                                                                                                                                              • Part of subcall function 00DFD12C: ReleaseMutex.KERNEL32(?), ref: 00DFD1BB
                                                                                                                                                                                                              • Part of subcall function 00DFD12C: SetEvent.KERNEL32(?), ref: 00DFD1C4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 00DFD580
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 00DFD598
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to allocate event name., xrefs: 00DFD333
                                                                                                                                                                                                            • D, xrefs: 00DFD3A1
                                                                                                                                                                                                            • %ls /pipe %ls, xrefs: 00DFD373
                                                                                                                                                                                                            • NetFxSection.%ls, xrefs: 00DFD2FD
                                                                                                                                                                                                            • Failed to create netfx chainer., xrefs: 00DFD352
                                                                                                                                                                                                            • Failed to convert netfx chainer guid into string., xrefs: 00DFD2EF
                                                                                                                                                                                                            • Failed to create netfx chainer guid., xrefs: 00DFD2B4
                                                                                                                                                                                                            • Failed to process netfx chainer message., xrefs: 00DFD43F
                                                                                                                                                                                                            • NetFxChainer.cpp, xrefs: 00DFD2E5, 00DFD3EA, 00DFD4B7, 00DFD4EF
                                                                                                                                                                                                            • Failed to allocate netfx chainer arguments., xrefs: 00DFD387
                                                                                                                                                                                                            • Failed to allocate section name., xrefs: 00DFD311
                                                                                                                                                                                                            • Failed to get netfx return code., xrefs: 00DFD4C1
                                                                                                                                                                                                            • NetFxEvent.%ls, xrefs: 00DFD31F
                                                                                                                                                                                                            • Failed to wait for netfx chainer process to complete, xrefs: 00DFD4F9
                                                                                                                                                                                                            • Failed to CreateProcess on path: %ls, xrefs: 00DFD3F5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastWait$CloseCreateHandleMutexObjectProcessReleaseSingle$CodeEventExitFromMultipleObjectsStringUuid
                                                                                                                                                                                                            • String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                                                                                                                            • API String ID: 2531618940-1825855094
                                                                                                                                                                                                            • Opcode ID: 9deae56de2281b5769108ca09217d6693646744414e7d1839e8889476eafed0b
                                                                                                                                                                                                            • Instruction ID: d7ce1038c4d4f3312cf32938e8e58d5afc403fb58e38dd95818155e461954f0e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9deae56de2281b5769108ca09217d6693646744414e7d1839e8889476eafed0b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6A16072E40328AFDB209BA4CC45BEEB7BAEB04710F118165EA09F7251D7759A44CFB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 00DDA666
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to clear variable., xrefs: 00DDA3D4
                                                                                                                                                                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00DDA418
                                                                                                                                                                                                            • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 00DDA63E
                                                                                                                                                                                                            • Failed to read registry value., xrefs: 00DDA5F4
                                                                                                                                                                                                            • Failed to set variable., xrefs: 00DDA629
                                                                                                                                                                                                            • Failed to format key string., xrefs: 00DDA361
                                                                                                                                                                                                            • Failed to open registry key., xrefs: 00DDA3E9
                                                                                                                                                                                                            • Unsupported registry key value type. Type = '%u', xrefs: 00DDA506
                                                                                                                                                                                                            • search.cpp, xrefs: 00DDA44A, 00DDA47D, 00DDA4CE, 00DDA5D1
                                                                                                                                                                                                            • Failed to query registry key value size., xrefs: 00DDA454
                                                                                                                                                                                                            • Failed to allocate memory registry value., xrefs: 00DDA487
                                                                                                                                                                                                            • Failed to query registry key value., xrefs: 00DDA4D8
                                                                                                                                                                                                            • Failed to change value type., xrefs: 00DDA60D
                                                                                                                                                                                                            • Failed to get expand environment string., xrefs: 00DDA5DB
                                                                                                                                                                                                            • Failed to allocate string buffer., xrefs: 00DDA565
                                                                                                                                                                                                            • Failed to format value string., xrefs: 00DDA387
                                                                                                                                                                                                            • Registry key not found. Key = '%ls', xrefs: 00DDA3B0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                            • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                                                                                                                            • API String ID: 3535843008-3124384294
                                                                                                                                                                                                            • Opcode ID: edb65792326773059c1c7a04cda0fa2f6d16852080a8b69090956b2f01af26a0
                                                                                                                                                                                                            • Instruction ID: 9fab22c52016bbe13320cc2b61fe02831c1d1bf43e87f45429140ad70863e892
                                                                                                                                                                                                            • Opcode Fuzzy Hash: edb65792326773059c1c7a04cda0fa2f6d16852080a8b69090956b2f01af26a0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77A19272E40629FBDF129AA8DC45EEE7AA9EF04310F14C122FD04B6350D671DE509BB2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,00DFD34C,?,?,?), ref: 00DFCC6A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DFD34C,?,?,?), ref: 00DFCC77
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00DFCEDF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                                                                                                                                                            • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                                                                                                                            • API String ID: 3944734951-2991465304
                                                                                                                                                                                                            • Opcode ID: b70eba35828978897b48adbfaa85edbaf2f31ed9f138935671222a6602cfd55b
                                                                                                                                                                                                            • Instruction ID: 7a20d159e280ee57256aebd4ec9fc1f8551958a5402301216fd9e68015262f2c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b70eba35828978897b48adbfaa85edbaf2f31ed9f138935671222a6602cfd55b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F071DF72A40729BFD3119B698D49FAB7AE8EF08350F028126FE08B7251D7748D64C6B5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E131C7: VariantInit.OLEAUT32(?), ref: 00E131DD
                                                                                                                                                                                                              • Part of subcall function 00E131C7: SysAllocString.OLEAUT32(?), ref: 00E131F9
                                                                                                                                                                                                              • Part of subcall function 00E131C7: VariantClear.OLEAUT32(?), ref: 00E13280
                                                                                                                                                                                                              • Part of subcall function 00E131C7: SysFreeString.OLEAUT32(00000000), ref: 00E1328B
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,00E1CA64,?,?,Action,?,?,?,00000000,00DD533D), ref: 00DDEA07
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 00DDEA51
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • comres.dll, xrefs: 00DDEA1A
                                                                                                                                                                                                            • Failed to resize Detect code array in registration, xrefs: 00DDEB22
                                                                                                                                                                                                            • Invalid value for @Action: %ls, xrefs: 00DDEB46
                                                                                                                                                                                                            • Addon, xrefs: 00DDEA8E
                                                                                                                                                                                                            • RelatedBundle, xrefs: 00DDE944
                                                                                                                                                                                                            • Failed to resize Upgrade code array in registration, xrefs: 00DDEB29
                                                                                                                                                                                                            • Action, xrefs: 00DDE9C4
                                                                                                                                                                                                            • Detect, xrefs: 00DDE9F8
                                                                                                                                                                                                            • Failed to get @Id., xrefs: 00DDEB56
                                                                                                                                                                                                            • Failed to get next RelatedBundle element., xrefs: 00DDEB64
                                                                                                                                                                                                            • Failed to get RelatedBundle element count., xrefs: 00DDE98B
                                                                                                                                                                                                            • Failed to resize Patch code array in registration, xrefs: 00DDEB37
                                                                                                                                                                                                            • Patch, xrefs: 00DDEAD1
                                                                                                                                                                                                            • Upgrade, xrefs: 00DDEA44
                                                                                                                                                                                                            • version.dll, xrefs: 00DDEA64
                                                                                                                                                                                                            • Failed to get RelatedBundle nodes, xrefs: 00DDE966
                                                                                                                                                                                                            • cabinet.dll, xrefs: 00DDEAAE
                                                                                                                                                                                                            • Failed to get @Action., xrefs: 00DDEB5D
                                                                                                                                                                                                            • Failed to resize Addon code array in registration, xrefs: 00DDEB30
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                                                                                                                            • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                                                                                                                                                                            • API String ID: 702752599-259800149
                                                                                                                                                                                                            • Opcode ID: a2169d13d82ed0e01cc16465de6ca49e5f9bd74a716473fbc2a13178ec48b3a1
                                                                                                                                                                                                            • Instruction ID: 910f23790c32abcd9be83087a941b64698468b3c06af017b87557c3f53be39f5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2169d13d82ed0e01cc16465de6ca49e5f9bd74a716473fbc2a13178ec48b3a1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D771A031A45726BBCB10AB54CC41EAAB7B4FF04720F215256E926BB781D730EE40CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(00000001,5600E1DB,00000001,?,00DD9801,?,00000000,00000000), ref: 00DD8E8D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • AND, xrefs: 00DD9187
                                                                                                                                                                                                            • -, xrefs: 00DD8FF1
                                                                                                                                                                                                            • Failed to set symbol value., xrefs: 00DD8F35
                                                                                                                                                                                                            • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 00DD903A
                                                                                                                                                                                                            • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 00DD928D
                                                                                                                                                                                                            • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 00DD8F6F
                                                                                                                                                                                                            • @, xrefs: 00DD8E93
                                                                                                                                                                                                            • condition.cpp, xrefs: 00DD8F5C, 00DD9027, 00DD909C, 00DD90F9, 00DD923A, 00DD927A, 00DD92B5
                                                                                                                                                                                                            • NOT, xrefs: 00DD91A7
                                                                                                                                                                                                            • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 00DD90AF
                                                                                                                                                                                                            • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 00DD92C8
                                                                                                                                                                                                            • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 00DD924D
                                                                                                                                                                                                            • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 00DD910C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: StringType
                                                                                                                                                                                                            • String ID: -$@$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                                                                                                                            • API String ID: 4177115715-3640792234
                                                                                                                                                                                                            • Opcode ID: 2e17aa3b24cc5a90777eff99460b2a61ddbe9b2d164d4acc7aa63e2532903932
                                                                                                                                                                                                            • Instruction ID: 16dc35456d7f4980f33062d8b038884bb9d27737b58912100ff24266d8fd0738
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e17aa3b24cc5a90777eff99460b2a61ddbe9b2d164d4acc7aa63e2532903932
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57E1E071604305EADB128F64CC99BBABB69EB05710F184187F9459F385C7B6CAC1DBB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,00DE49FE,00E1B4D8,?,feclient.dll,00000000,?,?), ref: 00DE44FE
                                                                                                                                                                                                            • ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,00DE49FE,00E1B4D8,?,feclient.dll,00000000,?,?), ref: 00DE451F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE49FE,00E1B4D8,?,feclient.dll,00000000,?,?), ref: 00DE4525
                                                                                                                                                                                                            • WriteFile.KERNEL32(feclient.dll,?,00000004,00DE49FE,00000000,?,00DE49FE,00E1B4D8,?,feclient.dll,00000000,?,?), ref: 00DE468E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE49FE,00E1B4D8,?,feclient.dll,00000000,?,?), ref: 00DE4698
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$CurrentProcessReadWrite
                                                                                                                                                                                                            • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
                                                                                                                                                                                                            • API String ID: 3008747291-452622383
                                                                                                                                                                                                            • Opcode ID: 16323c687d1201b9f12bf454287ed69fb549b6a33628c98ad5a26c6aa1de0c24
                                                                                                                                                                                                            • Instruction ID: 58b886da237103394703f92f6cfb93f8a7509dd8fc2c3aec31081b08d5e673d5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16323c687d1201b9f12bf454287ed69fb549b6a33628c98ad5a26c6aa1de0c24
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4251D6B2F40725BBE711AAA6AD81FEF76A8EB05710F11412AFE11F7190D7748E0486F1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                            • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                                                                                                                                                                            • API String ID: 760788290-1911311241
                                                                                                                                                                                                            • Opcode ID: 6c7b5d327af09c0a4ce4fdeab6896eb72875ac2287d889baed6ec9a27c802108
                                                                                                                                                                                                            • Instruction ID: 7318e6f5fd67fa6447e1c35ddb5f40d20fa42bef0003b5b0ba7be6fd626dd2f8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c7b5d327af09c0a4ce4fdeab6896eb72875ac2287d889baed6ec9a27c802108
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4412D32B84739B7C72562609C42FBAB55C9B10B34F2B9321FE60F62D1C764EE4042B2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 00DF1A77
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 00DF1A95
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                                                            • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$error$exeengine.cpp$forceReboot$scheduleReboot$success
                                                                                                                                                                                                            • API String ID: 2664528157-1714101571
                                                                                                                                                                                                            • Opcode ID: a6287f07ba58e351e99a8d46a1779c0c59bcab1a238bf3fc1e5a656f89855b01
                                                                                                                                                                                                            • Instruction ID: f4a45926e433afb1f38260935831bf4da32133e3232642836caffe141a241b2a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6287f07ba58e351e99a8d46a1779c0c59bcab1a238bf3fc1e5a656f89855b01
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7061E139A0522AFBCB109B54CC41EBEBBA4EF41720F218255F524BB291E770DA41D7A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(000002C0,00000100,00000100,00000000,00000000,?,00DD99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00DD56A2
                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000,?,00DD99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00DD56AC
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(000002C0,00000000,00000000,00000000,00000000,00000000,00000001,?,00DD99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0), ref: 00DD5B56
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeavelstrlen
                                                                                                                                                                                                            • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                                                                                                                            • API String ID: 3224049430-2050445661
                                                                                                                                                                                                            • Opcode ID: 8234c2788002cb9d2da9215060ad06427f61aac46bde1f38b138ca36ff679030
                                                                                                                                                                                                            • Instruction ID: 6e6722c499a4ae0d95597dd688741e573046f0946a54f9e66cfe4011fead94d3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8234c2788002cb9d2da9215060ad06427f61aac46bde1f38b138ca36ff679030
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51F1BE72A00B29FADB219FA49C41AEF7BA8EB04750F15412BFD15BB344D7349E418BB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E139CD: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 00E13A1A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00020006,00020006,00000000,?,?,00000002,00000000,?,00000000,00000001,00000002), ref: 00DDF2CB
                                                                                                                                                                                                              • Part of subcall function 00E11344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,00DDF11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00E11359
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to delete run key value., xrefs: 00DDF25A
                                                                                                                                                                                                            • Failed to write resume command line value., xrefs: 00DDF1EA
                                                                                                                                                                                                            • Installed, xrefs: 00DDF132
                                                                                                                                                                                                            • Resume, xrefs: 00DDF10F
                                                                                                                                                                                                            • Failed to create run key., xrefs: 00DDF1AA
                                                                                                                                                                                                            • BundleResumeCommandLine, xrefs: 00DDF1D5, 00DDF267
                                                                                                                                                                                                            • registration.cpp, xrefs: 00DDF250, 00DDF29D
                                                                                                                                                                                                            • Failed to delete resume command line value., xrefs: 00DDF2A7
                                                                                                                                                                                                            • Failed to write Resume value., xrefs: 00DDF120
                                                                                                                                                                                                            • burn.runonce, xrefs: 00DDF167
                                                                                                                                                                                                            • Failed to write run key value., xrefs: 00DDF1C8
                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00DDF0AE
                                                                                                                                                                                                            • Failed to format resume command line for RunOnce., xrefs: 00DDF186
                                                                                                                                                                                                            • Failed to write Installed value., xrefs: 00DDF143
                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 00DDF0FA
                                                                                                                                                                                                            • "%ls" /%ls, xrefs: 00DDF172
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseValueVersion
                                                                                                                                                                                                            • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
                                                                                                                                                                                                            • API String ID: 2348918689-3140388177
                                                                                                                                                                                                            • Opcode ID: 9f6e917733da8ecbe8a299b7c2243b2034edfedc99cb3f580073afedfbc27053
                                                                                                                                                                                                            • Instruction ID: bd48e7b5e1c3991578e949c27b7807eaa823e092f04e3befeec1e42bcf9790a1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f6e917733da8ecbe8a299b7c2243b2034edfedc99cb3f580073afedfbc27053
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C51F336A40739FBDF21ABA4DC42AAEBAA4AF04750F050176FD02F6291D770DE5096E4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,000002C0), ref: 00E18019
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 00E18034
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 00E180D7
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,00000018,00E1B508,00000000), ref: 00E18116
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 00E18169
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00E1B508,000000FF,true,000000FF), ref: 00E18187
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00E181BF
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 00E18303
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                                                                                                                            • API String ID: 1825529933-3037633208
                                                                                                                                                                                                            • Opcode ID: be1f882bc18541f106b27faa9927ca985ca577ab6057b6499c205f3b69b4913f
                                                                                                                                                                                                            • Instruction ID: 9fca5ed95362de627ce6745deabb8255bea8576ec4648e7dd6a9acd03b083108
                                                                                                                                                                                                            • Opcode Fuzzy Hash: be1f882bc18541f106b27faa9927ca985ca577ab6057b6499c205f3b69b4913f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DB1AD72A04306AFDB218F64CD81F9A77B6AB44720F259655F979FB2D1DB70E880CB10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 00E17703
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 00E17727
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 00E17746
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00E1777D
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 00E17798
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E177C3
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E17842
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E1788E
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Compare$Free
                                                                                                                                                                                                            • String ID: comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                                                                                                                                                            • API String ID: 318886736-3944986760
                                                                                                                                                                                                            • Opcode ID: 2cd8ec9f3de8f126783c231a642bc82452b3b173dcb2c2ef3668b16ab7b10e71
                                                                                                                                                                                                            • Instruction ID: 2f7867f5bfa13f39e7b298fd828e0ba3be234a340e3da6fc8d9ef39c300695a9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2cd8ec9f3de8f126783c231a642bc82452b3b173dcb2c2ef3668b16ab7b10e71
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4716231904129BFCF15DBA4CC84EEEBBB8AF04725F205295F465B7190D7319E84DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DEE05E: LoadBitmapW.USER32(?,00000001), ref: 00DEE094
                                                                                                                                                                                                              • Part of subcall function 00DEE05E: GetLastError.KERNEL32 ref: 00DEE0A0
                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00DEE1D8
                                                                                                                                                                                                            • RegisterClassW.USER32(?), ref: 00DEE1EC
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEE1F7
                                                                                                                                                                                                            • UnregisterClassW.USER32(WixBurnSplashScreen,?), ref: 00DEE2FC
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00DEE30B
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                                                                                                                            • String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                                                                                                                                                            • API String ID: 164797020-2188509422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,00DFBA53,00000001), ref: 00DF9C18
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DFBA53,00000001), ref: 00DF9D88
                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(00000001,00000000,?,00DFBA53,00000001), ref: 00DF9DC8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DFBA53,00000001), ref: 00DF9DD2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • apply.cpp, xrefs: 00DF9DAC, 00DF9DF6
                                                                                                                                                                                                            • Failed to execute compatible package action., xrefs: 00DF9D45
                                                                                                                                                                                                            • Failed to execute MSI package., xrefs: 00DF9C78
                                                                                                                                                                                                            • Failed to execute MSU package., xrefs: 00DF9CCD
                                                                                                                                                                                                            • Failed to execute dependency action., xrefs: 00DF9D08
                                                                                                                                                                                                            • Failed to execute MSP package., xrefs: 00DF9C9D
                                                                                                                                                                                                            • Failed to load compatible package on per-machine package., xrefs: 00DF9D2E
                                                                                                                                                                                                            • Invalid execute action., xrefs: 00DF9E23
                                                                                                                                                                                                            • Failed to wait for cache check-point., xrefs: 00DF9DB9
                                                                                                                                                                                                            • Cache thread exited unexpectedly., xrefs: 00DF9E14
                                                                                                                                                                                                            • Failed to execute EXE package., xrefs: 00DF9C4F
                                                                                                                                                                                                            • Failed to execute package provider registration action., xrefs: 00DF9CE9
                                                                                                                                                                                                            • Failed to get cache thread exit code., xrefs: 00DF9E03
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                                                                                                                            • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                                                                                                                            • API String ID: 3703294532-2662572847
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(76918FB0,00000002,00000000), ref: 00DFCA40
                                                                                                                                                                                                              • Part of subcall function 00DE4B96: UuidCreate.RPCRT4(?), ref: 00DE4BC9
                                                                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,08000000,00000000,00000000,?,00DF21A5,?,?,00000000,?,?,?), ref: 00DFCB1E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 00DFCB28
                                                                                                                                                                                                            • GetProcessId.KERNEL32(00DF21A5,?,?,00000000,?,?,?,?), ref: 00DFCB60
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: lstrlenW.KERNEL32(?,?,00000000,?,00E1B4F0,?,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE5304
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: GetCurrentProcessId.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE530F
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE5346
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: ConnectNamedPipe.KERNEL32(?,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE535B
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: GetLastError.KERNEL32(?,00DD442A,?,00E1B4F0), ref: 00DE5365
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: Sleep.KERNEL32(00000064,?,00DD442A,?,00E1B4F0), ref: 00DE5396
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE53B9
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE53D4
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: WriteFile.KERNEL32(?,00DD442A,00E1B4F0,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE53EF
                                                                                                                                                                                                              • Part of subcall function 00DE52E3: WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,00DD442A,?,00E1B4F0), ref: 00DE540A
                                                                                                                                                                                                              • Part of subcall function 00E10917: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00DD4E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00E10927
                                                                                                                                                                                                              • Part of subcall function 00E10917: GetLastError.KERNEL32(?,?,00DD4E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00E10935
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,00DFC992,?,?,?,?,?,00000000,?,?,?,?), ref: 00DFCBE4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,00DFC992,?,?,?,?,?,00000000,?,?,?,?), ref: 00DFCBF3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,00DFC992,?,?,?,?,?,00000000,?,?,?), ref: 00DFCC0A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to process messages from embedded message., xrefs: 00DFCBA7
                                                                                                                                                                                                            • Failed to wait for embedded process to connect to pipe., xrefs: 00DFCB82
                                                                                                                                                                                                            • burn.embedded, xrefs: 00DFCADB
                                                                                                                                                                                                            • Failed to create embedded process at path: %ls, xrefs: 00DFCB56
                                                                                                                                                                                                            • Failed to allocate embedded command., xrefs: 00DFCAF7
                                                                                                                                                                                                            • Failed to create embedded pipe., xrefs: 00DFCACA
                                                                                                                                                                                                            • %ls -%ls %ls %ls %u, xrefs: 00DFCAE3
                                                                                                                                                                                                            • Failed to create embedded pipe name and client token., xrefs: 00DFCAA3
                                                                                                                                                                                                            • embedded.cpp, xrefs: 00DFCB49
                                                                                                                                                                                                            • Failed to wait for embedded executable: %ls, xrefs: 00DFCBC7
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                                                                                                                                                                            • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                                                                                                                            • API String ID: 875070380-3803182736
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,?,00E18320,00000001,?), ref: 00E17E56
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,00E18320,00000001,?), ref: 00E17E71
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,00E18320,00000001,?), ref: 00E17E8C
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,00E18320,00000001,?), ref: 00E17EF8
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,00E18320,00000001,?), ref: 00E17F1C
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,00E18320,00000001,?), ref: 00E17F40
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,00E18320,00000001,?), ref: 00E17F60
                                                                                                                                                                                                            • lstrlenW.KERNEL32(006C0064,?,00E18320,00000001,?), ref: 00E17F7B
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString$lstrlen
                                                                                                                                                                                                            • String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
                                                                                                                                                                                                            • API String ID: 1657112622-2492263259
                                                                                                                                                                                                            • Opcode ID: b61d163fa592300e1f6f8a51c72bbd345a9fae9f719d7bcab8a98dd0c61babdd
                                                                                                                                                                                                            • Instruction ID: d63298cc055e1c1948ca0b56249a2c6dd29c25bdad4ec7faa29b3057afd9197c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b61d163fa592300e1f6f8a51c72bbd345a9fae9f719d7bcab8a98dd0c61babdd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8851813164C312BBDB204E14CC45FA6BA71AB19B30F309355F9B5BA6E5C760EC81CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00DDED40
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00DDECF8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Path, xrefs: 00DDECA6
                                                                                                                                                                                                            • Failed to get SoftwareTag text., xrefs: 00DDED7F
                                                                                                                                                                                                            • Filename, xrefs: 00DDEC73
                                                                                                                                                                                                            • Failed to get software tag count., xrefs: 00DDEC07
                                                                                                                                                                                                            • Failed to get @Regid., xrefs: 00DDED93
                                                                                                                                                                                                            • Failed to get next node., xrefs: 00DDEDA7
                                                                                                                                                                                                            • Failed to select software tag nodes., xrefs: 00DDEBE2
                                                                                                                                                                                                            • Failed to allocate memory for software tag structs., xrefs: 00DDEC3F
                                                                                                                                                                                                            • registration.cpp, xrefs: 00DDEC35
                                                                                                                                                                                                            • Failed to get @Path., xrefs: 00DDED89
                                                                                                                                                                                                            • Regid, xrefs: 00DDEC8E
                                                                                                                                                                                                            • SoftwareTag, xrefs: 00DDEBC1
                                                                                                                                                                                                            • Failed to get @Filename., xrefs: 00DDED9D
                                                                                                                                                                                                            • Failed to convert SoftwareTag text to UTF-8, xrefs: 00DDED75
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                                                                            • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$registration.cpp
                                                                                                                                                                                                            • API String ID: 336948655-1068704183
                                                                                                                                                                                                            • Opcode ID: 23d606c80685eca5147fd7e5242ee8aaced2f3a0b737d3249952f089740a14c5
                                                                                                                                                                                                            • Instruction ID: df79071f82be9c55e5cef0ad96b563963b8f1176285d9ab657be797dd15f8ad6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23d606c80685eca5147fd7e5242ee8aaced2f3a0b737d3249952f089740a14c5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF518475A01329BBDB11AF94C891EAEBBA5EF04710F5541AAF805BF350DB70EE4087B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 00DE498D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE499B
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 00DE49BF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorFileLastSleep
                                                                                                                                                                                                            • String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$feclient.dll$pipe.cpp
                                                                                                                                                                                                            • API String ID: 408151869-3212458075
                                                                                                                                                                                                            • Opcode ID: 04c7f29640d0954a57e0dac4aeb21b437988a339eebf2e29b2922d3ba4fc60dc
                                                                                                                                                                                                            • Instruction ID: 51fdef38e6d664310ca99de18c794ca92ca5447755e4246d4e720a43890f3ab0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04c7f29640d0954a57e0dac4aeb21b437988a339eebf2e29b2922d3ba4fc60dc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74412632E80731FBEB216AB69C05B9B7698EF04734F214225FD10F61D0D7649E509AF4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00DE0348,InstallerVersion,InstallerVersion,00000000,00DE0348,InstallerName,InstallerName,00000000,00DE0348,Date,InstalledDate,00000000,00DE0348,LogonUser), ref: 00DDF5BE
                                                                                                                                                                                                              • Part of subcall function 00E11392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,00DDF1C2,00000000,?,00020006), ref: 00E113C5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseValue
                                                                                                                                                                                                            • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                                                                                                                            • API String ID: 3132538880-2703781546
                                                                                                                                                                                                            • Opcode ID: 45a4f5a64b28ffc8082448345b91aae89e7d92a1c0e1f11c1d77fcfdb07a4746
                                                                                                                                                                                                            • Instruction ID: 60f86b378d665a71d77a700160f711a0af7e0154d9e70d76841fd1c87d00e162
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45a4f5a64b28ffc8082448345b91aae89e7d92a1c0e1f11c1d77fcfdb07a4746
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4141BA32A81775BBCB225B50FC02EBE7A75AF00B14F115176FD42B6391D770EE50A6A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,?), ref: 00DEE5AE
                                                                                                                                                                                                            • RegisterClassW.USER32(?), ref: 00DEE5DA
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEE5E5
                                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,00E29CC4,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 00DEE64C
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEE656
                                                                                                                                                                                                            • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 00DEE6F4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                                                                            • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                                                                            • API String ID: 213125376-288575659
                                                                                                                                                                                                            • Opcode ID: 4ea352ba80f917bdd2b6389ffd3867be0a61cb210d0b5bd52b0cee75ba7403da
                                                                                                                                                                                                            • Instruction ID: 590e313d882c531b693835611003880d814231f2dfdd7338772d5bb114cb6c4a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ea352ba80f917bdd2b6389ffd3867be0a61cb210d0b5bd52b0cee75ba7403da
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD418272A00254EFDB10AFA6DC45ADABFE8FF08350F10812AF909F6290D7709954CBB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00DF9751,75C08550,?,?,00000000,?,?,?,00000001,00000000,?), ref: 00DFDC28
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to initialize BITS job callback., xrefs: 00DFDD49
                                                                                                                                                                                                            • Failed to set callback interface for BITS job., xrefs: 00DFDD60
                                                                                                                                                                                                            • Invalid BITS engine URL: %ls, xrefs: 00DFDC4A
                                                                                                                                                                                                            • Falied to start BITS job., xrefs: 00DFDDE0
                                                                                                                                                                                                            • Failed to add file to BITS job., xrefs: 00DFDCF5
                                                                                                                                                                                                            • Failed to create BITS job callback., xrefs: 00DFDD3B
                                                                                                                                                                                                            • Failed while waiting for BITS download., xrefs: 00DFDDD9
                                                                                                                                                                                                            • bitsengine.cpp, xrefs: 00DFDC3E, 00DFDD31
                                                                                                                                                                                                            • Failed to create BITS job., xrefs: 00DFDCB7
                                                                                                                                                                                                            • Failed to complete BITS job., xrefs: 00DFDDD2
                                                                                                                                                                                                            • Failed to download BITS job., xrefs: 00DFDDBF
                                                                                                                                                                                                            • Failed to copy download URL., xrefs: 00DFDC6F
                                                                                                                                                                                                            • Failed to set credentials for BITS job., xrefs: 00DFDCD6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                            • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,00DF6CE1,?), ref: 00DF67C8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00DF6CE1,?,?,?), ref: 00DF67D5
                                                                                                                                                                                                            • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,00DF6CE1,?,?,?), ref: 00DF681D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00DF6CE1,?,?,?), ref: 00DF6829
                                                                                                                                                                                                            • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00DF6CE1,?,?,?), ref: 00DF6863
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00DF6CE1,?,?,?), ref: 00DF686D
                                                                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000), ref: 00DF6924
                                                                                                                                                                                                            • CloseServiceHandle.ADVAPI32(?), ref: 00DF692E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Service$ErrorLast$CloseHandleOpen$ManagerQueryStatus
                                                                                                                                                                                                            • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 00DDBC8F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00DDBC99
                                                                                                                                                                                                            • WaitForInputIdle.USER32(?,?), ref: 00DDBCED
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?), ref: 00DDBD38
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?), ref: 00DDBD45
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle$CreateErrorIdleInputLastProcessWait
                                                                                                                                                                                                            • String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to lookup the bundle ID in the ancestors dictionary., xrefs: 00DE30F0
                                                                                                                                                                                                            • Failed to add the package provider key "%ls" to the planned list., xrefs: 00DE3107
                                                                                                                                                                                                            • Failed to create dictionary from ancestors array., xrefs: 00DE2E46
                                                                                                                                                                                                            • feclient.dll, xrefs: 00DE30BB
                                                                                                                                                                                                            • Unexpected relation type encountered during plan: %d, xrefs: 00DE30FE
                                                                                                                                                                                                            • Failed to copy ancestors and self to related bundle ancestors., xrefs: 00DE2EF6
                                                                                                                                                                                                            • plan.cpp, xrefs: 00DE311D
                                                                                                                                                                                                            • Failed to copy self to related bundle ancestors., xrefs: 00DE312E
                                                                                                                                                                                                            • %ls;%ls, xrefs: 00DE2EDE
                                                                                                                                                                                                            • UX aborted plan related bundle., xrefs: 00DE3127
                                                                                                                                                                                                            • Failed to create string array from ancestors., xrefs: 00DE2E1A
                                                                                                                                                                                                            • crypt32.dll, xrefs: 00DE2E0E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: %ls;%ls$Failed to add the package provider key "%ls" to the planned list.$Failed to copy ancestors and self to related bundle ancestors.$Failed to copy self to related bundle ancestors.$Failed to create dictionary from ancestors array.$Failed to create string array from ancestors.$Failed to lookup the bundle ID in the ancestors dictionary.$UX aborted plan related bundle.$Unexpected relation type encountered during plan: %d$crypt32.dll$feclient.dll$plan.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,00DDB9F7,00000008,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB10E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DDB9F7,00000008,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00DDB11A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorHandleLastModule
                                                                                                                                                                                                            • String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 00DD6835
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD683F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 00DD6882
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD688C
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 00DD699D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                            • String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TlsAlloc.KERNEL32(?,00000001,00000001,00000000,00000000,?,?,?,00DD535E,?,?,?,?), ref: 00DD481A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DD535E,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DD482B
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00DD4968
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00DD535E,?,?,?,?,?,?,?,?,?,?,?), ref: 00DD4971
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • comres.dll, xrefs: 00DD48D7
                                                                                                                                                                                                            • Failed to allocate thread local storage for logging., xrefs: 00DD4859
                                                                                                                                                                                                            • Failed to connect to unelevated process., xrefs: 00DD4810
                                                                                                                                                                                                            • Failed to set elevated pipe into thread local storage for logging., xrefs: 00DD48A2
                                                                                                                                                                                                            • Failed to pump messages from parent process., xrefs: 00DD493C
                                                                                                                                                                                                            • Failed to create the message window., xrefs: 00DD48C6
                                                                                                                                                                                                            • engine.cpp, xrefs: 00DD484F, 00DD4898
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocCloseErrorHandleLastMutexRelease
                                                                                                                                                                                                            • String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create the message window.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$comres.dll$engine.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 00DE3A51
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 00DE3A5B
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 00DE3AC4
                                                                                                                                                                                                            • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 00DE3ACB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • %u\, xrefs: 00DE3AE5
                                                                                                                                                                                                            • Failed to format session id as a string., xrefs: 00DE3AF9
                                                                                                                                                                                                            • Failed to copy temp folder., xrefs: 00DE3B7A
                                                                                                                                                                                                            • Failed to get length of temp folder., xrefs: 00DE3AB5
                                                                                                                                                                                                            • logging.cpp, xrefs: 00DE3A7F
                                                                                                                                                                                                            • Failed to get length of session id string., xrefs: 00DE3B1D
                                                                                                                                                                                                            • Failed to get temp folder., xrefs: 00DE3A89
                                                                                                                                                                                                            • crypt32.dll, xrefs: 00DE3A10
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$CurrentErrorLastPathSessionTemp
                                                                                                                                                                                                            • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$crypt32.dll$logging.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,000000B9,00000002,?,00000000,00000000), ref: 00DD7E99
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?), ref: 00DD80C1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to write variable value as string., xrefs: 00DD8085
                                                                                                                                                                                                            • Failed to write literal flag., xrefs: 00DD809A
                                                                                                                                                                                                            • Failed to write variable name., xrefs: 00DD80A8
                                                                                                                                                                                                            • feclient.dll, xrefs: 00DD7F74, 00DD7FCA, 00DD800B
                                                                                                                                                                                                            • Unsupported variable type., xrefs: 00DD807E
                                                                                                                                                                                                            • Failed to get version., xrefs: 00DD8072
                                                                                                                                                                                                            • Failed to write variable value as number., xrefs: 00DD806B
                                                                                                                                                                                                            • Failed to write variable value type., xrefs: 00DD80A1
                                                                                                                                                                                                            • Failed to write included flag., xrefs: 00DD80AF
                                                                                                                                                                                                            • Failed to write variable count., xrefs: 00DD7EB4
                                                                                                                                                                                                            • Failed to get string., xrefs: 00DD808C
                                                                                                                                                                                                            • Failed to get numeric., xrefs: 00DD8093
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
                                                                                                                                                                                                            • API String ID: 3168844106-2118673349
                                                                                                                                                                                                            • Opcode ID: 82a968264141fa802660f3df400e5560978e7789dcfb6fe31a70272a6f46962b
                                                                                                                                                                                                            • Instruction ID: 41be1542424ab9b2216e19d68309e23e2e5fec93b61cc14ae7d4a8d4ddd5d779
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82a968264141fa802660f3df400e5560978e7789dcfb6fe31a70272a6f46962b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A619232905619ABCB239E64CD41ABEBBA5FF04354F154163FA0077390DB31ED98ABB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,7691DFD0,?,00E17172,?,?), ref: 00E16C4C
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16CB7
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16D2F
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16D71
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Free$Compare
                                                                                                                                                                                                            • String ID: feclient.dll$label$rq$rq$scheme$term
                                                                                                                                                                                                            • API String ID: 1324494773-3523472726
                                                                                                                                                                                                            • Opcode ID: 65b71f5d0da30a7edffb26472936ac69643065ada15dcb0c3830a3b4db614122
                                                                                                                                                                                                            • Instruction ID: 8d2cbe8d074733df43d3e9b0cbcd08af3ba5bea7f6271aaf4c027315094113ef
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65b71f5d0da30a7edffb26472936ac69643065ada15dcb0c3830a3b4db614122
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F515C75A01219BFCB15DBA4CC44FEEBBB8EF04725F215295E521BA1A0D7319E80DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 00E10234
                                                                                                                                                                                                            • GetComputerNameW.KERNEL32(?,?), ref: 00E1028C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Name$ComputerFileModule
                                                                                                                                                                                                            • String ID: --- logging level: %hs ---$8b$=== Logging started: %ls ===$@b$Computer : %ls$Executable: %ls v%d.%d.%d.%d$Hb$Tb$\b$db
                                                                                                                                                                                                            • API String ID: 2577110986-3734461537
                                                                                                                                                                                                            • Opcode ID: 1959c7f3c1045c606ae20ef7e8a117f2091c947c8ba763432acc6a7e4be9ad85
                                                                                                                                                                                                            • Instruction ID: b756c4f4d6c298fe2b2a21cf0b19d52e9ad86ebb28fefff3321fc8484e94b7c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1959c7f3c1045c606ae20ef7e8a117f2091c947c8ba763432acc6a7e4be9ad85
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E94170B290011CABCB209F65DC89AFA77BCEB55304F0451BAFA09F7152D6709EC98F64
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00DEA63D,?,00000000,?,?,00DFB049), ref: 00DE95C7
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DEA63D,?,00000000,?,?,00DFB049,?,00000000,?,00000000,?,?,00DFB049,?), ref: 00DE95D7
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00DFB049,00000001,00000003,000007D0,?,?,00DFB049,?), ref: 00DE96E4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • %ls payload from working path '%ls' to path '%ls', xrefs: 00DE968F
                                                                                                                                                                                                            • Failed to move %ls to %ls, xrefs: 00DE96BC
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE95FB
                                                                                                                                                                                                            • Moving, xrefs: 00DE9686, 00DE968E
                                                                                                                                                                                                            • Failed to verify payload hash: %ls, xrefs: 00DE966F
                                                                                                                                                                                                            • Copying, xrefs: 00DE9679
                                                                                                                                                                                                            • Failed to verify payload signature: %ls, xrefs: 00DE9632
                                                                                                                                                                                                            • Failed to copy %ls to %ls, xrefs: 00DE96D2
                                                                                                                                                                                                            • Failed to open payload in working path: %ls, xrefs: 00DE9606
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                                                                                                                                                            • API String ID: 2528220319-1604654059
                                                                                                                                                                                                            • Opcode ID: dd1e6fd544841e3199c5f2983e79369b05c678961da81c4eecedb62276b9e52c
                                                                                                                                                                                                            • Instruction ID: f0a0005334974b2dca76aaf07ac23f702a4d50721b1cd7a7493537f1762b149e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd1e6fd544841e3199c5f2983e79369b05c678961da81c4eecedb62276b9e52c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0831F6B1A423B4BBDB213A279C26FAF696CDF41B50F01111EFD04BB291D660DD5085F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DE3955: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00DE3E61,feclient.dll,?,00000000,?,?,?,00DD4A0C), ref: 00DE39F1
                                                                                                                                                                                                            • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00DD4A0C,?,?,00E1B478,?,00000001,00000000,00000000), ref: 00DE3EF8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseSleep
                                                                                                                                                                                                            • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                                                                                                                            • API String ID: 2834455192-2673269691
                                                                                                                                                                                                            • Opcode ID: f50a8690e54cbe0c890efa40a23b57d339c5b09ae83e3fe409359caa851b678a
                                                                                                                                                                                                            • Instruction ID: 1c54b44fe3fd30bb6235768a75f238519f911260d6cff6ebd29197d082f43506
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f50a8690e54cbe0c890efa40a23b57d339c5b09ae83e3fe409359caa851b678a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2061C771A00695BBDB26BF36CC4AB7A77A8EF04750B184265F801EB141E771EE9087B1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000001,?,00000000,00DD533D,00000000,00000001), ref: 00DD6C6E
                                                                                                                                                                                                              • Part of subcall function 00DD55B6: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,00DD648B,00DD648B,?,00DD554A,?,?,00000000), ref: 00DD55F2
                                                                                                                                                                                                              • Part of subcall function 00DD55B6: GetLastError.KERNEL32(?,00DD554A,?,?,00000000,?,00000000,00DD648B,?,00DD7DDC,?,?,?,?,?), ref: 00DD5621
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000001,?,00000001), ref: 00DD6E02
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set value of variable: %ls, xrefs: 00DD6DEA
                                                                                                                                                                                                            • Failed to find variable value '%ls'., xrefs: 00DD6C89
                                                                                                                                                                                                            • Setting hidden variable '%ls', xrefs: 00DD6D2C
                                                                                                                                                                                                            • Attempt to set built-in variable value: %ls, xrefs: 00DD6CFC
                                                                                                                                                                                                            • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00DD6D79
                                                                                                                                                                                                            • Setting string variable '%ls' to value '%ls', xrefs: 00DD6D96
                                                                                                                                                                                                            • variable.cpp, xrefs: 00DD6CF1
                                                                                                                                                                                                            • Setting numeric variable '%ls' to value %lld, xrefs: 00DD6DA3
                                                                                                                                                                                                            • Failed to insert variable '%ls'., xrefs: 00DD6CB3
                                                                                                                                                                                                            • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00DD6E14
                                                                                                                                                                                                            • Unsetting variable '%ls', xrefs: 00DD6DBE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                                                            • API String ID: 2716280545-445000439
                                                                                                                                                                                                            • Opcode ID: b5cf61e0352b58834aeea1fdfa4cde2e7c383583831d7b047f44ee3809a0db04
                                                                                                                                                                                                            • Instruction ID: c207bf12734c2eaaf350c5da7f46bdd94b1884bf34dabd80b67d4f2b42bb51c5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5cf61e0352b58834aeea1fdfa4cde2e7c383583831d7b047f44ee3809a0db04
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48511871B40315ABCB309E19DD4AFAB7BA9EB95710F25011BF844AA381C270DD94CAF1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00DE2ACD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to check for remaining dependents during planning., xrefs: 00DE2C73
                                                                                                                                                                                                            • Failed to add self-dependent to ignore dependents., xrefs: 00DE2B51
                                                                                                                                                                                                            • Failed to create the string dictionary., xrefs: 00DE2B06
                                                                                                                                                                                                            • Failed to allocate registration action., xrefs: 00DE2B36
                                                                                                                                                                                                            • wininet.dll, xrefs: 00DE2D1E
                                                                                                                                                                                                            • Failed to add dependents ignored from command-line., xrefs: 00DE2B82
                                                                                                                                                                                                            • Failed to add registration action for dependent related bundle., xrefs: 00DE2DD5
                                                                                                                                                                                                            • Failed to add registration action for self dependent., xrefs: 00DE2D9E
                                                                                                                                                                                                            • Failed to add dependent bundle provider key to ignore dependents., xrefs: 00DE2C37
                                                                                                                                                                                                            • crypt32.dll, xrefs: 00DE2B18, 00DE2C16, 00DE2D0B, 00DE2D80
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                                                                                                                                                            • API String ID: 1825529933-1705955799
                                                                                                                                                                                                            • Opcode ID: c946ead39d6dff3f390a670bfc93482a150f2db7c847b708277700014fd8b6b8
                                                                                                                                                                                                            • Instruction ID: a913de8a38b2083b87fff2823957142acd074f65a281d2811fb246dad4ba6272
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c946ead39d6dff3f390a670bfc93482a150f2db7c847b708277700014fd8b6b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56B1AC70A00666EFCB25AF26CC81BBA7BA9FF04300F148169F905AB255C770D990DBE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 00DD4B5E
                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00DD4B6F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WixBundleLayoutDirectory, xrefs: 00DD4AEF
                                                                                                                                                                                                            • Failed while running , xrefs: 00DD4B24
                                                                                                                                                                                                            • Failed to set layout directory variable to value provided from command-line., xrefs: 00DD4B00
                                                                                                                                                                                                            • Failed to set registration variables., xrefs: 00DD4AD8
                                                                                                                                                                                                            • Failed to check global conditions, xrefs: 00DD4A43
                                                                                                                                                                                                            • Failed to open log., xrefs: 00DD4A12
                                                                                                                                                                                                            • Failed to set action variables., xrefs: 00DD4ABE
                                                                                                                                                                                                            • Failed to query registration., xrefs: 00DD4AA8
                                                                                                                                                                                                            • Failed to create the message window., xrefs: 00DD4A92
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePostWindow
                                                                                                                                                                                                            • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                                                                            • API String ID: 3618638489-3051724725
                                                                                                                                                                                                            • Opcode ID: bf289e531245ad64cad2a89bde068a67eeaf03ef8b06c40a2532ec9dbfb4b4cd
                                                                                                                                                                                                            • Instruction ID: 7605462a51b62aa99b2fbd9ed1c45f94ce676236630276b27690d00781e6bac8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf289e531245ad64cad2a89bde068a67eeaf03ef8b06c40a2532ec9dbfb4b4cd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D41E171A40B1ABBCB2A6A20CC46FFBBA6CFF14754F011217B814A6250EB70ED5097F0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(000002C0,00000000,00000000,000002C0,00000000,00000000,000002C0,?,00000000,00000000,?,00000000,00000101,000002C0,000002C0,?), ref: 00DDA226
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,000002C0,00000100,00000000,000002C0), ref: 00DDA300
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00DDA275
                                                                                                                                                                                                            • Failed to query registry key value., xrefs: 00DDA265
                                                                                                                                                                                                            • Failed to open registry key. Key = '%ls', xrefs: 00DDA2C2
                                                                                                                                                                                                            • Failed to set variable., xrefs: 00DDA2B8
                                                                                                                                                                                                            • Failed to format key string., xrefs: 00DDA1B3
                                                                                                                                                                                                            • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 00DDA2D8
                                                                                                                                                                                                            • Failed to format value string., xrefs: 00DDA20F
                                                                                                                                                                                                            • Registry key not found. Key = '%ls', xrefs: 00DDA291
                                                                                                                                                                                                            • search.cpp, xrefs: 00DDA25B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                                            • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                                                                                                                                                            • API String ID: 3356406503-46557908
                                                                                                                                                                                                            • Opcode ID: 7850119fb0a1c0ced8427579dcf755984d55c2c60fb8816b1bf50599d93bf8ec
                                                                                                                                                                                                            • Instruction ID: 98870e0fdd39890cf543e3dfc10039232f95e1f55b6ddf8d1381a8b15dff6423
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7850119fb0a1c0ced8427579dcf755984d55c2c60fb8816b1bf50599d93bf8ec
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F41E632E40314BBDF256E99CC06BEEBEA5EB04700F148166FD04B5391D7718E5096A6
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 00DEEE1B
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00DEEF48
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Engine is active, cannot change engine state., xrefs: 00DEEE36
                                                                                                                                                                                                            • UX requested unknown approved exe with id: %ls, xrefs: 00DEEE7B
                                                                                                                                                                                                            • Failed to copy the id., xrefs: 00DEEEAD
                                                                                                                                                                                                            • Failed to copy the arguments., xrefs: 00DEEEDA
                                                                                                                                                                                                            • Failed to post launch approved exe message., xrefs: 00DEEF33
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 00DEEF29
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                                                                                                                                                            • String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                                                                                                                                                            • API String ID: 1367039788-528931743
                                                                                                                                                                                                            • Opcode ID: c16c9613f76eb35420910bcfe5a7156c2fe67b70ad3c9a0eaf23a78d919d371a
                                                                                                                                                                                                            • Instruction ID: b110b826b84d19985f6de195e33dcd4ad30c10c22744b4e1f137bef5bb154bee
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c16c9613f76eb35420910bcfe5a7156c2fe67b70ad3c9a0eaf23a78d919d371a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0331AF72A40365BFDB21AF65DC45EAB77A8EF04B20B098166FD04EB251DB70DD4087B1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00DEA5CE,?,00000000,?,?,00DFB041), ref: 00DE94B1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DEA5CE,?,00000000,?,?,00DFB041,?,00000000,?,00000000,?,?,00DFB041,?), ref: 00DE94BF
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00DFB041,00000001,00000003,000007D0,?,?,00DFB041,?), ref: 00DE959E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                                                                                                                                                            • API String ID: 2528220319-1187406825
                                                                                                                                                                                                            • Opcode ID: 661920fc7d2c4c8a6b45b90318fd198770f08e4ec3288d1e41dfc8eb3e10e5ab
                                                                                                                                                                                                            • Instruction ID: 97af5211c075ca7d89e73c81513bba53a9bbf3f2ec6e6740550f95df343b8479
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 661920fc7d2c4c8a6b45b90318fd198770f08e4ec3288d1e41dfc8eb3e10e5ab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4215572B827747BE7222A269C57FAB766CDF45B10F101118FD09BA2C0D2A19E5085F0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00DD6E89
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00DD7095
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to read variable count., xrefs: 00DD6EA9
                                                                                                                                                                                                            • Failed to read variable included flag., xrefs: 00DD7085
                                                                                                                                                                                                            • Failed to set variable value., xrefs: 00DD7048
                                                                                                                                                                                                            • Failed to read variable value as string., xrefs: 00DD7062
                                                                                                                                                                                                            • Failed to read variable name., xrefs: 00DD707E
                                                                                                                                                                                                            • Unsupported variable type., xrefs: 00DD705B
                                                                                                                                                                                                            • Failed to set variable., xrefs: 00DD7069
                                                                                                                                                                                                            • Failed to read variable value as number., xrefs: 00DD704F
                                                                                                                                                                                                            • Failed to read variable literal flag., xrefs: 00DD7070
                                                                                                                                                                                                            • Failed to read variable value type., xrefs: 00DD7077
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                                                                                                                                                            • API String ID: 3168844106-528957463
                                                                                                                                                                                                            • Opcode ID: 82594082785ce08fb39fd0c4385cf2a40d188e856e277810a4c5307138926b4c
                                                                                                                                                                                                            • Instruction ID: da8476266a3276d88528868a73420106d7b4d3278d44ebef06de39047ec0d1d7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82594082785ce08fb39fd0c4385cf2a40d188e856e277810a4c5307138926b4c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC716D72D0561ABADB21EEA4CC45EFEBBB9EB04710F104162F910B6290E731DE559BB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00E14425
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E1443B
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?), ref: 00E14486
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E14490
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00E14650
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$CloseCreateHandleSize
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 3555958901-2967768451
                                                                                                                                                                                                            • Opcode ID: 0e195b77f432e373c776fab6d0ec1c0fa6e9d5ae0014af5c2ef587e2da3581b7
                                                                                                                                                                                                            • Instruction ID: e8467cd912f21d8dbf396a6f2c719b915b28fa3463e03697a80f9059e9a5b4b6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e195b77f432e373c776fab6d0ec1c0fa6e9d5ae0014af5c2ef587e2da3581b7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F71F4F1A00215EBEB219E699C44BEB76D9EB40768F11512AFD29FB3D0D674CD8087A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • UuidCreate.RPCRT4(?), ref: 00DE4BC9
                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 00DE4BF8
                                                                                                                                                                                                            • UuidCreate.RPCRT4(?), ref: 00DE4C43
                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 00DE4C6F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateFromStringUuid
                                                                                                                                                                                                            • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                                                                                                                                                            • API String ID: 4041566446-2510341293
                                                                                                                                                                                                            • Opcode ID: 3b925442be63245e2789d78a20fcdbf1ae0dfcf3a9621f6e597e5de74b731309
                                                                                                                                                                                                            • Instruction ID: 212d814234c25f3ac78f1c6febf1119edfb29625b63c0e84c0aa6b3a80691433
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b925442be63245e2789d78a20fcdbf1ae0dfcf3a9621f6e597e5de74b731309
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4418E72E01358ABDB10EBE6DD45EEEB7F8EB44710F204126E905FB240D6749A48CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?), ref: 00DD5F3F
                                                                                                                                                                                                            • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 00DD5F53
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD5F65
                                                                                                                                                                                                            • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 00DD5FB8
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD5FC2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get the required buffer length for the Date., xrefs: 00DD5F89
                                                                                                                                                                                                            • Failed to allocate the buffer for the Date., xrefs: 00DD5FA0
                                                                                                                                                                                                            • Failed to get the Date., xrefs: 00DD5FE6
                                                                                                                                                                                                            • Failed to set variant value., xrefs: 00DD5FFF
                                                                                                                                                                                                            • variable.cpp, xrefs: 00DD5F7F, 00DD5FDC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                                                                            • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            • API String ID: 2700948981-3682088697
                                                                                                                                                                                                            • Opcode ID: 77c8dce2378a4eab2012dfaadf4f93a03d833514366d3f1995563dcde11c03a3
                                                                                                                                                                                                            • Instruction ID: 71f7f78555264b4eefa90ebf2d42694d179a87f07efb1596899813765a0cc95f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77c8dce2378a4eab2012dfaadf4f93a03d833514366d3f1995563dcde11c03a3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC318672A40719BADB21ABE5DC45EFFBAA8EF44710F114026FA41F7290DA609D4486F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00DD5386,?,?), ref: 00DEE84A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD5386,?,?), ref: 00DEE857
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00DEE563,?,00000000,00000000), ref: 00DEE8B0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD5386,?,?), ref: 00DEE8BD
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00DD5386,?,?), ref: 00DEE8F8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00DD5386,?,?), ref: 00DEE917
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00DD5386,?,?), ref: 00DEE924
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                                                            • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                                                            • API String ID: 2351989216-3599963359
                                                                                                                                                                                                            • Opcode ID: b2d8a6b6b8c7e2927c190927b5d0b10fcb7527629cd554017b0e9f5e52ee73ba
                                                                                                                                                                                                            • Instruction ID: 31ad922e54e771bb98191abd6340576c035705609580af50e5d02c5d1f2197f8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2d8a6b6b8c7e2927c190927b5d0b10fcb7527629cd554017b0e9f5e52ee73ba
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28316875E00319BFEB10AFAA9D85AEFB7ECEF48350F114126F905F3151D6308E048AA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,00DD5386,?,?), ref: 00DEE415
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DD5386,?,?), ref: 00DEE422
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00DEE177,00000000,00000000,00000000), ref: 00DEE481
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DD5386,?,?), ref: 00DEE48E
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,00DD5386,?,?), ref: 00DEE4C9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00DD5386,?,?), ref: 00DEE4DD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00DD5386,?,?), ref: 00DEE4EA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                                                            • String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                                                                                                                                                            • API String ID: 2351989216-1977201954
                                                                                                                                                                                                            • Opcode ID: c29478dd67f380f00ab0672452f94ef1d6505da6038d6c348eb20563f7920b1c
                                                                                                                                                                                                            • Instruction ID: 37bdfe7c5b7ac855c2a476f7d2002d460fec967d6c9db18af335849df6452483
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c29478dd67f380f00ab0672452f94ef1d6505da6038d6c348eb20563f7920b1c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC314175D00719BFEB11AFAA9C45AEFBBF8EB44710F108166FD15F2290D7748A04CAA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,76922F60,?,?,00DD52FD,00DD52B5,00000000,00DD533D), ref: 00DF1249
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DF125C
                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(00E1B478,?), ref: 00DF129E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DF12AC
                                                                                                                                                                                                            • ResetEvent.KERNEL32(00E1B450), ref: 00DF12E7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DF12F1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                                                            • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2979751695-3400260300
                                                                                                                                                                                                            • Opcode ID: b17a78bda96b67b2531c1121e10dd93dd9215f14beb19d23bf54826a0dc21002
                                                                                                                                                                                                            • Instruction ID: 7788eb349c479f777d9b760838c8e617c2852c8bc2c183df171358e284168e68
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b17a78bda96b67b2531c1121e10dd93dd9215f14beb19d23bf54826a0dc21002
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3721C375700304FFEB149B7AAD06ABE76F8EB04710F10812EF947E61A0E770DA049B25
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetEvent.KERNEL32(685479F6,00DD533D,00000000,?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000,?), ref: 00DF135E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000,?,00DD5381,FFF9E89D,00DD5381), ref: 00DF1368
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(85F08BFF,000000FF,?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000,?,00DD5381), ref: 00DF13A2
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000,?,00DD5381,FFF9E89D,00DD5381), ref: 00DF13AC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(85F08BFF,00DD5381,00DD533D,00000000,?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000), ref: 00DF13F7
                                                                                                                                                                                                            • CloseHandle.KERNEL32(685479F6,00DD5381,00DD533D,00000000,?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000), ref: 00DF1406
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00E1BA60,00DD5381,00DD533D,00000000,?,00DDC06D,00DD533D,00DD52B5,00000000,?,00DE763B,?,00DD5565,00DD5371,00DD5371,00000000), ref: 00DF1415
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                                                                                                                                                            • String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 1206859064-226982402
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?,00DD46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00DD5386,?,?), ref: 00DDD5CD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00DD5386,?,?), ref: 00DDD5DA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 00DDD612
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00DD5386,?,?), ref: 00DDD61E
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                                                            • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
                                                                                                                                                                                                            • API String ID: 1866314245-1140179540
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 00DE9297
                                                                                                                                                                                                            • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 00DE92BB
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                                                                                                                                                            • API String ID: 1452528299-4263581490
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00DEE326
                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000082,?,?), ref: 00DEE364
                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00DEE371
                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,?), ref: 00DEE380
                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00DEE38E
                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 00DEE39A
                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00DEE3AB
                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00DEE3CD
                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00DEE3D5
                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00DEE3D8
                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00DEE3E6
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 409979828-0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WixBundleLayoutDirectory, xrefs: 00DEA068
                                                                                                                                                                                                            • Failed to copy source path., xrefs: 00DEA113
                                                                                                                                                                                                            • Failed to get bundle layout directory property., xrefs: 00DEA083
                                                                                                                                                                                                            • Failed to get current process directory., xrefs: 00DE9FEF
                                                                                                                                                                                                            • Failed to combine layout source with source., xrefs: 00DEA0A0
                                                                                                                                                                                                            • WixBundleLastUsedSource, xrefs: 00DE9F9D
                                                                                                                                                                                                            • Failed to combine last source with source., xrefs: 00DEA00C
                                                                                                                                                                                                            • WixBundleOriginalSource, xrefs: 00DE9FB3
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$CloseFileFirstlstrlen
                                                                                                                                                                                                            • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                                                                                                                                                            • API String ID: 2767606509-3003062821
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000040,00000000,00000000), ref: 00DD30C7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD30D1
                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00DD3129
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD3133
                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00000000,00000040,00000000,00000000,00000000,00000040,00000000,00000000), ref: 00DD31EC
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD31F6
                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00000000,00000007,00000000,00000000,00000000,00000007), ref: 00DD324D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD3257
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                                                                                                                                                            • String ID: pathutil.cpp
                                                                                                                                                                                                            • API String ID: 1547313835-741606033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001,00000000,00000000), ref: 00DD2E7A
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD2E84
                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00DD2F1F
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00DD2FAD
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD2FBA
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 00DD2FCC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00DD302C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • pathutil.cpp, xrefs: 00DD2EA8
                                                                                                                                                                                                            • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00DD2F7D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                                                            • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                                                            • API String ID: 3480017824-1101990113
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,?,000000FF,00DD5381,?,00DD52B5,00000000,00DD5381,FFF9E89D,00DD5381,00DD53B5,00DD533D,?), ref: 00DDCB15
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Payload was not found in container: %ls, xrefs: 00DDCC22
                                                                                                                                                                                                            • Failed to extract file., xrefs: 00DDCBE0
                                                                                                                                                                                                            • Failed to find embedded payload: %ls, xrefs: 00DDCB41
                                                                                                                                                                                                            • Failed to get directory portion of local file path, xrefs: 00DDCBEE
                                                                                                                                                                                                            • Failed to ensure directory exists, xrefs: 00DDCBE7
                                                                                                                                                                                                            • payload.cpp, xrefs: 00DDCC16
                                                                                                                                                                                                            • Failed to concat file paths., xrefs: 00DDCBF5
                                                                                                                                                                                                            • Failed to get next stream., xrefs: 00DDCBFC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                                                            • API String ID: 1825529933-1711239286
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 00DD46B5
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00DD46BB
                                                                                                                                                                                                            • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00DD4749
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create engine for UX., xrefs: 00DD46D5
                                                                                                                                                                                                            • Failed to start bootstrapper application., xrefs: 00DD4717
                                                                                                                                                                                                            • wininet.dll, xrefs: 00DD46E8
                                                                                                                                                                                                            • Unexpected return value from message pump., xrefs: 00DD479F
                                                                                                                                                                                                            • Failed to load UX., xrefs: 00DD46FE
                                                                                                                                                                                                            • engine.cpp, xrefs: 00DD4795
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$CurrentPeekThread
                                                                                                                                                                                                            • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                                                                            • API String ID: 673430819-2573580774
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 00DE8E01
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create ACL to secure cache path: %ls, xrefs: 00DE8DB7
                                                                                                                                                                                                            • Failed to allocate access for Administrators group to path: %ls, xrefs: 00DE8D08
                                                                                                                                                                                                            • Failed to allocate access for Users group to path: %ls, xrefs: 00DE8D6B
                                                                                                                                                                                                            • Failed to allocate access for Everyone group to path: %ls, xrefs: 00DE8D4A
                                                                                                                                                                                                            • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 00DE8D29
                                                                                                                                                                                                            • Failed to secure cache path: %ls, xrefs: 00DE8DE4
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE8DAC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLocal
                                                                                                                                                                                                            • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
                                                                                                                                                                                                            • API String ID: 2826327444-4113288589
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00DFADE5,?,00000001,00000000), ref: 00DF9AE1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00DFADE5,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00DF9AEB
                                                                                                                                                                                                            • CopyFileExW.KERNEL32(00000000,00000000,00DF993C,00000000,00000020,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00DF9B39
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00DFADE5,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00DF9B68
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$AttributesCopy
                                                                                                                                                                                                            • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,7691DFD0,000000FF,name,000000FF,7691DFD0,?,7691DFD0,?,7691DFD0), ref: 00E16B2B
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,email,000000FF), ref: 00E16B48
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16B86
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16BCD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$CompareFree
                                                                                                                                                                                                            • String ID: 9q$email$name$uri
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadBitmapW.USER32(?,00000001), ref: 00DEE094
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEE0A0
                                                                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00DEE0E7
                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00DEE108
                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00DEE11A
                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00DEE130
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                                                                                                                                                            • String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemWow64DirectoryW.KERNEL32(?,00000104), ref: 00DD64F7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD6505
                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00DD6546
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD6550
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get 32-bit system folder., xrefs: 00DD653F
                                                                                                                                                                                                            • Failed to backslash terminate system folder., xrefs: 00DD65A2
                                                                                                                                                                                                            • Failed to get 64-bit system folder., xrefs: 00DD657E
                                                                                                                                                                                                            • Failed to set system folder variant value., xrefs: 00DD65BE
                                                                                                                                                                                                            • variable.cpp, xrefs: 00DD6535, 00DD6574
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DirectoryErrorLastSystem$Wow64
                                                                                                                                                                                                            • String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,?,?,00E1B4F0), ref: 00DE4EDB
                                                                                                                                                                                                            • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 00DE4F79
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00DE4F92
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$CloseCurrentHandle
                                                                                                                                                                                                            • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 00DD6746
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00DD674D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD6757
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get msi.dll version info., xrefs: 00DD679F
                                                                                                                                                                                                            • Failed to find DllGetVersion entry point in msi.dll., xrefs: 00DD6785
                                                                                                                                                                                                            • DllGetVersion, xrefs: 00DD6738
                                                                                                                                                                                                            • Failed to set variant value., xrefs: 00DD67C3
                                                                                                                                                                                                            • variable.cpp, xrefs: 00DD677B
                                                                                                                                                                                                            • msi, xrefs: 00DD673D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                            • String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                                                                                                                                                            • API String ID: 4275029093-842451892
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD1185
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD1190
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DD119E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD11B9
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00DD11C1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00DD111A,cabinet.dll,00000009,?,?,00000000), ref: 00DD11D6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                                                                                                                                                                            • String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                                                                                                                                                                            • API String ID: 3104334766-1824683568
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00DEF3FB
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00DEF576
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Engine is active, cannot change engine state., xrefs: 00DEF415
                                                                                                                                                                                                            • UX did not provide container or payload id., xrefs: 00DEF565
                                                                                                                                                                                                            • Failed to set download URL., xrefs: 00DEF4D5
                                                                                                                                                                                                            • UX requested unknown payload with id: %ls, xrefs: 00DEF450
                                                                                                                                                                                                            • UX requested unknown container with id: %ls, xrefs: 00DEF4A0
                                                                                                                                                                                                            • Failed to set download password., xrefs: 00DEF524
                                                                                                                                                                                                            • Failed to set download user., xrefs: 00DEF4FE
                                                                                                                                                                                                            • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 00DEF466
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                                                            • API String ID: 3168844106-2615595102
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000000,000000FF,?,00000000,00000000), ref: 00E15955
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E15963
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 00E159A4
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E159B1
                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00E15B26
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00E15B35
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                                                                                                                                                                            • String ID: GET$dlutil.cpp
                                                                                                                                                                                                            • API String ID: 2028584396-3303425918
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DE0E7E: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,00DE0ACD,?,00000000,?,00000000,00000000), ref: 00DE0EAD
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 00DE0C51
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE0C5E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create syncpoint event., xrefs: 00DE0C8C
                                                                                                                                                                                                            • Failed to append rollback cache action., xrefs: 00DE0B2D
                                                                                                                                                                                                            • Failed to append cache action., xrefs: 00DE0BA8
                                                                                                                                                                                                            • Failed to append payload cache action., xrefs: 00DE0C08
                                                                                                                                                                                                            • plan.cpp, xrefs: 00DE0C82
                                                                                                                                                                                                            • Failed to append package start action., xrefs: 00DE0AF3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareCreateErrorEventLastString
                                                                                                                                                                                                            • String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,00000008,00DD4740,00000000,?,00000000,00000000,?,00000000,00DD4740,?,?,00000000,?,00000000), ref: 00DE4765
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE4772
                                                                                                                                                                                                            • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 00DE481B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE4825
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastRead
                                                                                                                                                                                                            • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,00DD5386,00000000,00000000,?,00000000), ref: 00DE5292
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DD4B5B,?,?,00000000,?,?,?,?,?,?,00E1B490,?,?), ref: 00DE529D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post terminate message to child process cache thread., xrefs: 00DE5261
                                                                                                                                                                                                            • pipe.cpp, xrefs: 00DE52C1
                                                                                                                                                                                                            • Failed to wait for child process exit., xrefs: 00DE52CB
                                                                                                                                                                                                            • Failed to write restart to message buffer., xrefs: 00DE5235
                                                                                                                                                                                                            • Failed to write exit code to message buffer., xrefs: 00DE520D
                                                                                                                                                                                                            • Failed to post terminate message to child process., xrefs: 00DE527D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                                                            • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,00DE9CFF,00000003,000007D0,00000003,?,000007D0), ref: 00DE8EAC
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE9CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000000,-00000004), ref: 00DE8EB9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00DE9CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000000), ref: 00DE8F80
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to verify catalog signature of payload: %ls, xrefs: 00DE8F47
                                                                                                                                                                                                            • Failed to verify signature of payload: %ls, xrefs: 00DE8F28
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE8EEF
                                                                                                                                                                                                            • Failed to verify hash of payload: %ls, xrefs: 00DE8F6B
                                                                                                                                                                                                            • Failed to open payload at path: %ls, xrefs: 00DE8EFC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00DD6A03
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD6A0D
                                                                                                                                                                                                            • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 00DD6A51
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD6A5B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                                                                                                                                                            • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,?), ref: 00DEAB53
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEAB5D
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 00DEAB9C
                                                                                                                                                                                                            • CoUninitialize.OLE32(?,00DEC4F4,?,?), ref: 00DEABD9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to initialize COM., xrefs: 00DEABA8
                                                                                                                                                                                                            • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 00DEAB8B
                                                                                                                                                                                                            • Failed to pump messages in child process., xrefs: 00DEABC7
                                                                                                                                                                                                            • elevation.cpp, xrefs: 00DEAB81
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorInitializeLastUninitializeValue
                                                                                                                                                                                                            • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                                                                                                                            • API String ID: 876858697-113251691
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00DD5C77
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                                                                                                                            • API String ID: 47109696-3209209246
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,00000001,00000000,?), ref: 00DFA0F1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00DFA0FB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • apply.cpp, xrefs: 00DFA11F
                                                                                                                                                                                                            • Failed to clear readonly bit on payload destination path: %ls, xrefs: 00DFA12A
                                                                                                                                                                                                            • :, xrefs: 00DFA174
                                                                                                                                                                                                            • Failed attempt to download URL: '%ls' to: '%ls', xrefs: 00DFA1D8
                                                                                                                                                                                                            • download, xrefs: 00DFA0BB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                            • String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                                                                                                                                                            • API String ID: 1799206407-1905830404
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,7691DFD0,000000FF,type,000000FF,?,7691DFD0,7691DFD0,7691DFD0), ref: 00E16DFE
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16E49
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16EC5
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E16F11
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Free$Compare
                                                                                                                                                                                                            • String ID: type$url
                                                                                                                                                                                                            • API String ID: 1324494773-1247773906
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000000,?,?,00DF8E1F,000002C0,00000100), ref: 00E183AD
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,00DF8E1F,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 00E183C8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                                                            • String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                                                                                                                                                            • API String ID: 2664528157-4206478990
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E163B7
                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000000,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00E164AE
                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00E164BD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseDeleteErrorFileHandleLast
                                                                                                                                                                                                            • String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
                                                                                                                                                                                                            • API String ID: 3522763407-1704223933
                                                                                                                                                                                                            • Opcode ID: b79c230f7a32a9cbfa8f54c8ba9a01c6403c74a162c757479fe5c583fba872f1
                                                                                                                                                                                                            • Instruction ID: 54fed769546200e61162fa5199ac5235a066c2e4fee7f7003f8033e2217602e2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b79c230f7a32a9cbfa8f54c8ba9a01c6403c74a162c757479fe5c583fba872f1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C513972900219BADF129FA4CC45EEEBAB8FF48710F015165FA24F6190E7358A959BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 00DE054A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 00DE0559
                                                                                                                                                                                                              • Part of subcall function 00E10AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,00DE0491,?,00000000,00020006), ref: 00E10AFA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to update resume mode., xrefs: 00DE052E
                                                                                                                                                                                                            • %ls.RebootRequired, xrefs: 00DE0467
                                                                                                                                                                                                            • Failed to open registration key., xrefs: 00DE0591
                                                                                                                                                                                                            • Failed to delete registration key: %ls, xrefs: 00DE04F8
                                                                                                                                                                                                            • Failed to write volatile reboot required registry key., xrefs: 00DE0495
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$Create
                                                                                                                                                                                                            • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
                                                                                                                                                                                                            • API String ID: 359002179-2517785395
                                                                                                                                                                                                            • Opcode ID: 39e97ec0afe7b48cfa0923457ed9eceecec3802e0548226ac4f6b536aadb560f
                                                                                                                                                                                                            • Instruction ID: 7f8b7c7b8a42bd4d439b385141d4a2259dc98e1a847348888797a7ea0cdb6127
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39e97ec0afe7b48cfa0923457ed9eceecec3802e0548226ac4f6b536aadb560f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41419E32900758BBDF22BFA2DC02EAF7BBAEF40310F144469F64562151D7B59A90DB71
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 00E11479
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000000,00000000,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 00E114F1
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,?,00000001), ref: 00E114FD
                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00020006,?,00000000,00000007,00000000,?,00000000,?,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006), ref: 00E1153D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen$Value
                                                                                                                                                                                                            • String ID: @d$BundleUpgradeCode$regutil.cpp
                                                                                                                                                                                                            • API String ID: 198323757-3578687848
                                                                                                                                                                                                            • Opcode ID: 25f82e38fad30d4e962a569c4dee280771037251746bb3e89787d1a02ed982ef
                                                                                                                                                                                                            • Instruction ID: d65ad4b00e86b1bf3d973510d0ebda416b28671974a3f6f5e1a41d3cd7139d3a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25f82e38fad30d4e962a569c4dee280771037251746bb3e89787d1a02ed982ef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9541D632E00226AFCB11DFA8D841AEE7BBAEF48710F114169FE11B7210D630DD518BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00DDF7CD
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00DDF7DA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • %ls.RebootRequired, xrefs: 00DDF6BA
                                                                                                                                                                                                            • Resume, xrefs: 00DDF741
                                                                                                                                                                                                            • Failed to format pending restart registry key to read., xrefs: 00DDF6D1
                                                                                                                                                                                                            • Failed to open registration key., xrefs: 00DDF736
                                                                                                                                                                                                            • Failed to read Resume value., xrefs: 00DDF763
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                            • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                                                            • API String ID: 3535843008-3890505273
                                                                                                                                                                                                            • Opcode ID: cb88ce3f5c12c8487a5f116af42c67ab9ad98529a524a0ef8ce9401566c805de
                                                                                                                                                                                                            • Instruction ID: 44f9258811ef9efed7c49e6bbbead2424102f9649037eb9febc354519e1387d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb88ce3f5c12c8487a5f116af42c67ab9ad98529a524a0ef8ce9401566c805de
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33414F36900219FFCB119F98C881AEDBBB5FB05310F258177E816AB310D371AE80DBA0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                                                                                                                                                            • API String ID: 0-660234312
                                                                                                                                                                                                            • Opcode ID: c2ff22a8c7fe58da3ea4a8a922ac45147c1a4651143bc7810e01e1125a7d7dae
                                                                                                                                                                                                            • Instruction ID: f2b1006d23a7ba775e49eba2ff9d48160f855a9c23d23e8f2ed04045e6e36279
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2ff22a8c7fe58da3ea4a8a922ac45147c1a4651143bc7810e01e1125a7d7dae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE31CD32D0426ABBDF21AA5DCC45EAEB779EF44720F214366F920B61D0E7309E419771
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00E30A84,00000000,00000017,00E30A94,?,?,00000000,00000000,?,?,?,?,?,00DFDCAE,00000000,00000000), ref: 00DFD6AF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WixBurn, xrefs: 00DFD6DA
                                                                                                                                                                                                            • Failed to set BITS job to foreground., xrefs: 00DFD730
                                                                                                                                                                                                            • Failed to create IBackgroundCopyManager., xrefs: 00DFD6BB
                                                                                                                                                                                                            • Failed to create BITS job., xrefs: 00DFD6E9
                                                                                                                                                                                                            • Failed to set progress timeout., xrefs: 00DFD719
                                                                                                                                                                                                            • Failed to set notification flags for BITS job., xrefs: 00DFD701
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                                            • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                                                                                                                            • API String ID: 542301482-468763447
                                                                                                                                                                                                            • Opcode ID: ecf09537dffd5e73c229fd43d61b9734c51a5198997854a187aacf0f0ec248e1
                                                                                                                                                                                                            • Instruction ID: 53313fdf5c444d7d192064597e0716f517449987db44ce34cac6d42beb683825
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecf09537dffd5e73c229fd43d61b9734c51a5198997854a187aacf0f0ec248e1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C5318F31A4031EAF9714DF68C859EBFBBB6AF48711F114159EA06FB250CA70EC01CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 00E15CB2
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E15CBF
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 00E15D06
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000C8,00000000), ref: 00E15D6E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                                                                                                                            • String ID: %ls.R$dlutil.cpp
                                                                                                                                                                                                            • API String ID: 2136311172-657863730
                                                                                                                                                                                                            • Opcode ID: 7c8b2e99202a0e073285a1dd2d476be3b968ef884118ff877ab22852784a6409
                                                                                                                                                                                                            • Instruction ID: efc8e7ec946553b4b26f5fd29b615bff7e2679dae1a83e78ecaba12c57d80fd1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c8b2e99202a0e073285a1dd2d476be3b968ef884118ff877ab22852784a6409
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8131B072A00610EFEB208F69DC49BEB7AA8EB45724F11821AFE05FB2D0D7704D4087A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DDCC57: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,00DDE336,000000FF,00000000,00000000,00DDE336,?,?,00DDDADD,?,?,?,?), ref: 00DDCC82
                                                                                                                                                                                                            • CreateFileW.KERNEL32(E900E1BA,80000000,00000005,00000000,00000003,08000000,00000000,00DD52BD,00E1B450,00000000,00DD53B5,04680A79,?,00DD52B5,00000000,00DD5381), ref: 00DDC84F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DE75F7,00DD5565,00DD5371,00DD5371,00000000,?,00DD5381,FFF9E89D,00DD5381,00DD53B5,00DD533D,?,00DD533D), ref: 00DDC894
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to open catalog in working path: %ls, xrefs: 00DDC8C2
                                                                                                                                                                                                            • Failed to verify catalog signature: %ls, xrefs: 00DDC88D
                                                                                                                                                                                                            • Failed to find payload for catalog file., xrefs: 00DDC8D9
                                                                                                                                                                                                            • Failed to get catalog local file path, xrefs: 00DDC8D2
                                                                                                                                                                                                            • catalog.cpp, xrefs: 00DDC8B5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareCreateErrorFileLastString
                                                                                                                                                                                                            • String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                                                                                                                            • API String ID: 1774366664-48089280
                                                                                                                                                                                                            • Opcode ID: dcb43607180e988a68b8efc32d9b01af07f7cfce28a48cfb6fb52063e04d65a9
                                                                                                                                                                                                            • Instruction ID: 5a0f6e14a4d247addac7a435f90921381fcdca626ca11bd978ceb398360c88dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dcb43607180e988a68b8efc32d9b01af07f7cfce28a48cfb6fb52063e04d65a9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE31A431A50716BFD7119AA8CC41F99BBA4EF04710F219226F909FB390E771A950EBE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,769230B0,00000000,?,?,?,?,00DFD439,?), ref: 00DFD145
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?,?,?,?,00DFD439,?), ref: 00DFD161
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DFD1A4
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00DFD1BB
                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00DFD1C4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get message from netfx chainer., xrefs: 00DFD1E5
                                                                                                                                                                                                            • Failed to send files in use message from netfx chainer., xrefs: 00DFD20A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                                                                                                                            • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                                                                                                                                                            • API String ID: 2608678126-3424578679
                                                                                                                                                                                                            • Opcode ID: d4ae0c8e14be3e35c469befaefde620fcb0786bd8a19e8d0e8fa3f1ae19052d4
                                                                                                                                                                                                            • Instruction ID: 7c30b9d78819a0875945ba8b9f5b4f7a24d163c3c70976c6809cecb19f6657b6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ae0c8e14be3e35c469befaefde620fcb0786bd8a19e8d0e8fa3f1ae19052d4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA31C831900709BFCB119F54DC08EEEBBB6EF44320F15C655F655A6161C775DA44CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 00E1089A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00E108A4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 00E108ED
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00E108FA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                                                                                                                            • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                                                                                                                            • API String ID: 161867955-2732225242
                                                                                                                                                                                                            • Opcode ID: 4112acf3b87aeca611a811afe6dfb82608ee32183f725e81b638f6bdc8cea6dc
                                                                                                                                                                                                            • Instruction ID: 33cf4d311fdc49779f44ce9b6db3b87b2299f1a46c4c9696ae24d8192453ca42
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4112acf3b87aeca611a811afe6dfb82608ee32183f725e81b638f6bdc8cea6dc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4221287290021EFFDB10AFE5C9409EEBBB9EF04314F10502AEA05B6261D7705E849BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00DD9B72
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD9B81
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed get to file attributes. '%ls', xrefs: 00DD9BC0
                                                                                                                                                                                                            • File search: %ls, did not find path: %ls, xrefs: 00DD9BD5
                                                                                                                                                                                                            • Failed to set variable., xrefs: 00DD9C07
                                                                                                                                                                                                            • Failed to format variable string., xrefs: 00DD9B65
                                                                                                                                                                                                            • search.cpp, xrefs: 00DD9BB3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                            • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                                                                                                                            • API String ID: 1799206407-2053429945
                                                                                                                                                                                                            • Opcode ID: 3de1e33447b0c3e0eb8b7804b77462e73b384d49f43504f5cb042e42c2ceb25d
                                                                                                                                                                                                            • Instruction ID: 867b115d1ce92bb364d9b6fa136f6bebf54ec7ddfebc92fbccaab134665f45d3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3de1e33447b0c3e0eb8b7804b77462e73b384d49f43504f5cb042e42c2ceb25d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A21F732E40314BBDB116AA49D52AAEF7A9EF14310F214217FC00B6390E7729E90D6F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,00DED134,00000000,?,?,00DEC59C,00000001,?,?,?,?,?), ref: 00DECD06
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DED134,00000000,?,?,00DEC59C,00000001,?,?,?,?,?,00000000,00000000,?), ref: 00DECD10
                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(00000001,?,?,?,00DED134,00000000,?,?,00DEC59C,00000001,?,?,?,?,?,00000000), ref: 00DECD4C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DED134,00000000,?,?,00DEC59C,00000001,?,?,?,?,?,00000000,00000000,?), ref: 00DECD56
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                                                            • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                                                                                                                            • API String ID: 3686190907-1954264426
                                                                                                                                                                                                            • Opcode ID: 260e2f00fd7c1426bcf2f4c065821754b4de328505e07cf66d5d3a1e6b29e2c4
                                                                                                                                                                                                            • Instruction ID: 3db597b0d2d1c9c8c75093d418965e070fe41c168efeebd1e4853ed1d5e0fc86
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 260e2f00fd7c1426bcf2f4c065821754b4de328505e07cf66d5d3a1e6b29e2c4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3012872B50734BBA7206B7AAD06BEB79D8DF08790F025126FD05F6190E7658E0481F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00DE6CFB,00DD4740,?,00000000,?,00000000,00000001), ref: 00DE67BD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE6CFB,00DD4740,?,00000000,?,00000000,00000001), ref: 00DE67C7
                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(00000001,00000000,?,00DE6CFB,00DD4740,?,00000000,?,00000000,00000001), ref: 00DE6806
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DE6CFB,00DD4740,?,00000000,?,00000000,00000001), ref: 00DE6810
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                                                            • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                                                                                                                            • API String ID: 3686190907-2546940223
                                                                                                                                                                                                            • Opcode ID: 934d02bd1408e8571ba4a892b0b62b53fa4f15ccd5ff7d21ccf5a50ec6a51d46
                                                                                                                                                                                                            • Instruction ID: 9d7d993189dee106f4b1aebe586b36ff5560f21ed65310aa59d34441f4bb26bd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 934d02bd1408e8571ba4a892b0b62b53fa4f15ccd5ff7d21ccf5a50ec6a51d46
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18016171340304FFEB08AB66EE56BBE76E5EB04750F10512EB806E51E0EB75CE049528
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00DEF59B
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00DEF6A8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Engine is active, cannot change engine state., xrefs: 00DEF5B5
                                                                                                                                                                                                            • UX denied while trying to set source on embedded payload: %ls, xrefs: 00DEF61D
                                                                                                                                                                                                            • UX requested unknown payload with id: %ls, xrefs: 00DEF607
                                                                                                                                                                                                            • UX requested unknown container with id: %ls, xrefs: 00DEF667
                                                                                                                                                                                                            • Failed to set source path for container., xrefs: 00DEF68D
                                                                                                                                                                                                            • Failed to set source path for payload., xrefs: 00DEF637
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                                                            • API String ID: 3168844106-4121889706
                                                                                                                                                                                                            • Opcode ID: 3245419dd23500b88450067cf9b1405e5b4d4fe815e619f2a89d3835069cd4ef
                                                                                                                                                                                                            • Instruction ID: c84b0511cc3e260b5dd046aba64a23e41c6dedc27eac4c8adc971eb429bd9b17
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3245419dd23500b88450067cf9b1405e5b4d4fe815e619f2a89d3835069cd4ef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B310672A51661BBCB21AB5ADC06DAA73ACDF54720B19816EF804FB350DB74ED4087B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000), ref: 00DD70E7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to allocate buffer for escaped string., xrefs: 00DD70FE
                                                                                                                                                                                                            • Failed to format escape sequence., xrefs: 00DD7181
                                                                                                                                                                                                            • Failed to append escape sequence., xrefs: 00DD717A
                                                                                                                                                                                                            • Failed to append characters., xrefs: 00DD7173
                                                                                                                                                                                                            • Failed to copy string., xrefs: 00DD719B
                                                                                                                                                                                                            • []{}, xrefs: 00DD7111
                                                                                                                                                                                                            • [\%c], xrefs: 00DD7146
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                            • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                                                                                                                            • API String ID: 1659193697-3250950999
                                                                                                                                                                                                            • Opcode ID: e1800c19bbf195ed9be6c0f13dd158d9ff382c2bf824a163c793527c7affc244
                                                                                                                                                                                                            • Instruction ID: 8ccd48946660556e7427d81a65a8fb9681f95c59ad744220e746336d3c80164e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1800c19bbf195ed9be6c0f13dd158d9ff382c2bf824a163c793527c7affc244
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9121D833E88325BADB215694DC02BEE77A8DF14710F302297F900F6241FB74AE8192B4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,00E1B4F0,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,00DF659B,?,00000001,?,00E1B490), ref: 00DF5A19
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to copy target product code., xrefs: 00DF5B4C
                                                                                                                                                                                                            • Failed to plan action for target product., xrefs: 00DF5AC4
                                                                                                                                                                                                            • feclient.dll, xrefs: 00DF5A0F, 00DF5B39
                                                                                                                                                                                                            • Failed to insert execute action., xrefs: 00DF5A6E
                                                                                                                                                                                                            • Failed grow array of ordered patches., xrefs: 00DF5AB2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                                                                                                                                                                            • API String ID: 1825529933-3477540455
                                                                                                                                                                                                            • Opcode ID: e5ef111f676f589bb094817c7c2b681d7aca0a2ccc53e448b232c67309f4280a
                                                                                                                                                                                                            • Instruction ID: 9c4242984a293a899b33db7382c640dd17eaaf7731ee1f7cd44304f14c6fe731
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5ef111f676f589bb094817c7c2b681d7aca0a2ccc53e448b232c67309f4280a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E8136B560075ADFCB15CF58D880AAA77A4FF08324F168669EE159B356C730EC61CF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,00DE6F20,000000B8,0000001C,00000100), ref: 00DF9068
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,00E1B4A8,000000FF,?,?,?,00DE6F20,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 00DF9101
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • comres.dll, xrefs: 00DF9187
                                                                                                                                                                                                            • detect.cpp, xrefs: 00DF9163
                                                                                                                                                                                                            • BA aborted detect forward compatible bundle., xrefs: 00DF916D
                                                                                                                                                                                                            • Failed to initialize update bundle., xrefs: 00DF91A9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
                                                                                                                                                                                                            • API String ID: 1825529933-439563586
                                                                                                                                                                                                            • Opcode ID: 8523d2e0eab0117155106d2b6a96fe24d841d44362250be8dac060edca49ac0c
                                                                                                                                                                                                            • Instruction ID: 854232ca325df41d8c705ad0897b1c359bfe1aeb44a8c5b9420daf2386177f21
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8523d2e0eab0117155106d2b6a96fe24d841d44362250be8dac060edca49ac0c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D51DF71A0021ABFDF159F34CC95A7AB7AAFF05320B158264FA15DA251DB31DC60CBB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,000000FF,00AAC56B,?,00DD52B5,00000000,00DD533D), ref: 00DEAA90
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,00AAC56B,?,00DD52B5,00000000,00DD533D), ref: 00DEAAD4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to verify expected payload against actual certificate chain., xrefs: 00DEAB1A
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DEAA66, 00DEAAB4, 00DEAAF8
                                                                                                                                                                                                            • Failed authenticode verification of payload: %ls, xrefs: 00DEAA71
                                                                                                                                                                                                            • Failed to get signer chain from authenticode certificate., xrefs: 00DEAB02
                                                                                                                                                                                                            • Failed to get provider state from authenticode certificate., xrefs: 00DEAABE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp
                                                                                                                                                                                                            • API String ID: 1452528299-2590768268
                                                                                                                                                                                                            • Opcode ID: df8331240ba46162df873349908a428cd1763560f6aefdd5a1fbc620c1d4b00b
                                                                                                                                                                                                            • Instruction ID: 410e453796512dc6db98d7f2c9326126c0412a8350ab067bad82836e930c8d5a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: df8331240ba46162df873349908a428cd1763560f6aefdd5a1fbc620c1d4b00b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4417871E40369ABEB109BA9DD45BDFBBE8EF08310F01022AFD05F7291D770994486B5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000001,00E1B4F0,?,00000001,000000FF,?,?,76D695A0,00000000,00000001,00000000,?,00DE72F3), ref: 00DED32F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to connect to elevated child process., xrefs: 00DED318
                                                                                                                                                                                                            • Failed to elevate., xrefs: 00DED311
                                                                                                                                                                                                            • UX aborted elevation requirement., xrefs: 00DED244
                                                                                                                                                                                                            • Failed to create pipe name and client token., xrefs: 00DED270
                                                                                                                                                                                                            • Failed to create pipe and cache pipe., xrefs: 00DED28C
                                                                                                                                                                                                            • elevation.cpp, xrefs: 00DED23A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                            • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                                                                                                                            • API String ID: 2962429428-3003415917
                                                                                                                                                                                                            • Opcode ID: a517e2acfc9ec3c911a585a72fe9247c1f760d1068a034a2c60c0cf2d1045db1
                                                                                                                                                                                                            • Instruction ID: 2bf4f08d6c3b0c59f3ec4365985c48e05b8eebbd7c82118a2443d43df3dbad16
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a517e2acfc9ec3c911a585a72fe9247c1f760d1068a034a2c60c0cf2d1045db1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95312872A45761BAE726B661AC42FAF775EEF01730F101206FA05BB281DE61ED4042B5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00E3B60C,00000000,?,?,?,00DD5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00E1042B
                                                                                                                                                                                                            • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,00E3B604,?,00DD5407,00000000,Setup), ref: 00E104CC
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00E104DC
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00DD5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00E10515
                                                                                                                                                                                                              • Part of subcall function 00DD2DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00DD2F1F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00E3B60C,?,?,00E3B604,?,00DD5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00E1056E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                                                            • String ID: logutil.cpp
                                                                                                                                                                                                            • API String ID: 4111229724-3545173039
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00DEAB3C,?,00000000,00000000), ref: 00DED0B8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00DED0C4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,00DEC59C,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00DED145
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to pump messages in child process., xrefs: 00DED11C
                                                                                                                                                                                                            • Failed to create elevated cache thread., xrefs: 00DED0F2
                                                                                                                                                                                                            • elevation.cpp, xrefs: 00DED0E8
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorHandleLastThread
                                                                                                                                                                                                            • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
                                                                                                                                                                                                            • API String ID: 747004058-4134175193
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD4013: CreateDirectoryW.KERNELBASE(00DD533D,00DD53B5,00000000,00000000,?,00DE9EE4,00000000,00000000,00DD533D,00000000,00DD52B5,00000000,?,?,00DDD4AC,00DD533D), ref: 00DD4021
                                                                                                                                                                                                              • Part of subcall function 00DD4013: GetLastError.KERNEL32(?,00DE9EE4,00000000,00000000,00DD533D,00000000,00DD52B5,00000000,?,?,00DDD4AC,00DD533D,00000000,00000000), ref: 00DD402F
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00E1B4F0,00000000,00000094,00000000,00000094,?,?,00DE0328,swidtag,00000094,?,00E1B508,00DE0328,00000000,?,00000000), ref: 00DDF368
                                                                                                                                                                                                              • Part of subcall function 00E14C67: CreateFileW.KERNEL32(00E1B4F0,40000000,00000001,00000000,00000002,00000080,00000000,00DE0328,00000000,?,00DDF37F,?,00000080,00E1B4F0,00000000), ref: 00E14C7F
                                                                                                                                                                                                              • Part of subcall function 00E14C67: GetLastError.KERNEL32(?,00DDF37F,?,00000080,00E1B4F0,00000000,?,00DE0328,?,00000094,?,?,?,?,?,00000000), ref: 00E14C8C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • swidtag, xrefs: 00DDF328
                                                                                                                                                                                                            • Failed to write tag xml to file: %ls, xrefs: 00DDF3A6
                                                                                                                                                                                                            • Failed to allocate regid file path., xrefs: 00DDF3C0
                                                                                                                                                                                                            • Failed to format tag folder path., xrefs: 00DDF3CE
                                                                                                                                                                                                            • Failed to allocate regid folder path., xrefs: 00DDF3C7
                                                                                                                                                                                                            • Failed to create regid folder: %ls, xrefs: 00DDF3B0
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorLast$DirectoryFilelstrlen
                                                                                                                                                                                                            • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
                                                                                                                                                                                                            • API String ID: 583680227-1201533908
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,00DD583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00DD7215
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,00DD583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00DD72F4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get variable: %ls, xrefs: 00DD7256
                                                                                                                                                                                                            • Failed to get value as string for variable: %ls, xrefs: 00DD72E3
                                                                                                                                                                                                            • *****, xrefs: 00DD72B0, 00DD72BD
                                                                                                                                                                                                            • Failed to get unformatted string., xrefs: 00DD7285
                                                                                                                                                                                                            • Failed to format value '%ls' of variable: %ls, xrefs: 00DD72BE
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                                                                                                                            • API String ID: 3168844106-2873099529
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 00DE8C30
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001), ref: 00DE8C3A
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 00DE8C9A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to allocate administrator SID., xrefs: 00DE8C16
                                                                                                                                                                                                            • Failed to initialize ACL., xrefs: 00DE8C68
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE8C5E
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileInitializeLast
                                                                                                                                                                                                            • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                                                                                                                            • API String ID: 669721577-1117388985
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,00DE3ED4,00000001,feclient.dll,?,00000000,?,?,?,00DD4A0C), ref: 00DD4148
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DE3ED4,00000001,feclient.dll,?,00000000,?,?,?,00DD4A0C,?,?,00E1B478,?,00000001), ref: 00DD4154
                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,00DE3ED4,00000001,feclient.dll,?,00000000,?,?,?,00DD4A0C,?), ref: 00DD418F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DE3ED4,00000001,feclient.dll,?,00000000,?,?,?,00DD4A0C,?,?,00E1B478,?,00000001), ref: 00DD4199
                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                            • String ID: crypt32.dll$dirutil.cpp
                                                                                                                                                                                                            • API String ID: 152501406-1104880720
                                                                                                                                                                                                            • Opcode ID: 1d334397f177c31b7b19767329db1a5f28a0368473fc00d18f1fdcfa5aa4c7ff
                                                                                                                                                                                                            • Instruction ID: a35e6d8aecb161f0b7a14b1184cf0276223d68b99b969d1d3b7dfb78274b4609
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d334397f177c31b7b19767329db1a5f28a0368473fc00d18f1fdcfa5aa4c7ff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F711B476A00726AFAB209AA98D84AABB6ECDF14790B154227FD04E7310E770CD4086F0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,00DDA7A9,00000100,000002C0,000002C0,00000100), ref: 00DD9AA6
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DDA7A9,00000100,000002C0,000002C0,00000100), ref: 00DD9AB1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 00DD9B1C
                                                                                                                                                                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 00DD9B06
                                                                                                                                                                                                            • Failed to format variable string., xrefs: 00DD9A91
                                                                                                                                                                                                            • Failed to set directory search path variable., xrefs: 00DD9AE1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                            • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                                                            • API String ID: 1799206407-2966038646
                                                                                                                                                                                                            • Opcode ID: 82e65ece9a215d2e4e99cdfb3c9c71178cff76ec85d743826135c20eae4a9316
                                                                                                                                                                                                            • Instruction ID: 8bd20e151d9062b5d43c96213597eecc8e3d513af196a2e12f63d985ca26ed52
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82e65ece9a215d2e4e99cdfb3c9c71178cff76ec85d743826135c20eae4a9316
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B11C333A41225FBCB126A949D12EDEFA65EF14320F225213FC10763A0D7679E50A6F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,00DDA781,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 00DD9C72
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DDA781,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00DD9C7D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • File search: %ls, did not find path: %ls, xrefs: 00DD9CE0
                                                                                                                                                                                                            • Failed to set variable to file search path., xrefs: 00DD9CD4
                                                                                                                                                                                                            • Failed to format variable string., xrefs: 00DD9C5D
                                                                                                                                                                                                            • Failed while searching file search: %ls, for path: %ls, xrefs: 00DD9CAA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                            • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                                                                                                                            • API String ID: 1799206407-3425311760
                                                                                                                                                                                                            • Opcode ID: 539a1d57754a8863786f11a97ce2c6ff147c6706e47803b6fcdf5ff861f2912b
                                                                                                                                                                                                            • Instruction ID: 344fab6562e9bcc729575e7e17b550223be07835c2184a79229471111269a895
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 539a1d57754a8863786f11a97ce2c6ff147c6706e47803b6fcdf5ff861f2912b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02110A32951224BBDF122A988E52BDDFAA9EF04720F204213FC10B6361D7769E50A7F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00DF0A25
                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DF0A37
                                                                                                                                                                                                            • SetFileTime.KERNEL32(?,?,?,?), ref: 00DF0A4A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00DF0616,?,?), ref: 00DF0A59
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Invalid operation for this state., xrefs: 00DF09FE
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF09F4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                                                            • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 609741386-1751360545
                                                                                                                                                                                                            • Opcode ID: 3a3e9bd388a890746e24a200568583d52ac21fbbf8efcee792108fe70bad10d1
                                                                                                                                                                                                            • Instruction ID: bb107b8781b578a2ff06eb01312a25b20476278bc348dc4ff3c2077d84aa0c44
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a3e9bd388a890746e24a200568583d52ac21fbbf8efcee792108fe70bad10d1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F21A17281061DBB87109F68DD488FA7BBCFF04720B198216F911E7591C774DA55CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E1884C
                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00E18874
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E1887E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastTime$FileSystem
                                                                                                                                                                                                            • String ID: Qd$feclient.dll$inetutil.cpp
                                                                                                                                                                                                            • API String ID: 1528435940-2496900517
                                                                                                                                                                                                            • Opcode ID: 79cf403862f362af7e4c9fa3a02c2829857fedf7637c9be5e0b85cfc19928359
                                                                                                                                                                                                            • Instruction ID: 58479177f7a1b61dba5a80511165caecfbd0f05901dffd42835316cdb0c66807
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79cf403862f362af7e4c9fa3a02c2829857fedf7637c9be5e0b85cfc19928359
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6116372A01229AFE710DBB99D44BEBB7ECEF48250F514126AE05F7150E6308D4887F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00E13B98
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000), ref: 00E13BA2
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00000000), ref: 00E13BD5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorExecuteHandleLastShell
                                                                                                                                                                                                            • String ID: <$shelutil.cpp$H\u
                                                                                                                                                                                                            • API String ID: 3023784893-4117820998
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID:
• String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
• API String ID: 0-1718035505
APIs
• GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00DD5D8F,00000000), ref: 00E109CF
• GetProcAddress.KERNEL32(00000000), ref: 00E109D6
• GetLastError.KERNEL32(?,?,?,00DD5D8F,00000000), ref: 00E109ED
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: AddressErrorHandleLastModuleProc
• String ID: IsWow64Process$kernel32$procutil.cpp
• API String ID: 4275029093-1586155540
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: lstrlen
• String ID: Qd$dlutil.cpp$msasn1.dll
• API String ID: 1659193697-2112083189
APIs
• EnterCriticalSection.KERNEL32(?), ref: 00DEF6D0
• LeaveCriticalSection.KERNEL32(?,?), ref: 00DEF81D
Strings
• update\%ls, xrefs: 00DEF72E
• Failed to set update bundle., xrefs: 00DEF7F3
• Failed to recreate command-line for update bundle., xrefs: 00DEF79C
• Failed to default local update source, xrefs: 00DEF742
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
• API String ID: 3168844106-1266646976
APIs
• Sleep.KERNEL32(000007D0,00000000,00000000), ref: 00DE8B0F
Strings
Memory Dump Source
• Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
Similarity
• API ID: Sleep
• String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
• API String ID: 3472027048-398165853
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000082,?,?), ref: 00DEE734
                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00DEE743
                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,?), ref: 00DEE757
                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00DEE767
                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00DEE781
                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00DEE7DE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3812958022-0
                                                                                                                                                                                                            • Opcode ID: b5e7fc4f1397323018c30491c563687647632368cb2346b15563c66872829f3d
                                                                                                                                                                                                            • Instruction ID: dbc886b7dabb9af92361fd8a18d0fb66b1175826b832ebf2d70c4be40a38e8cd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5e7fc4f1397323018c30491c563687647632368cb2346b15563c66872829f3d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7421A132104158BFDB117FA5DC48EAE7BA9EF49350F148514F916AA1B0C771DD20DB70
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unexpected elevated message sent to child process, msg: %u, xrefs: 00DEC794
                                                                                                                                                                                                            • Failed to save state., xrefs: 00DEC661
                                                                                                                                                                                                            • elevation.cpp, xrefs: 00DEC788
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandleMutexRelease
                                                                                                                                                                                                            • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                                                                                                                            • API String ID: 4207627910-1576875097
                                                                                                                                                                                                            • Opcode ID: 58ffd8996ebb8f11ccfa1f7d318322f121ae889fd0ec5550c158470f306c8c3d
                                                                                                                                                                                                            • Instruction ID: 147c5a2f7144317cca92b5575a02677e16d6bc74216f14b8dfae78fadaaa207d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58ffd8996ebb8f11ccfa1f7d318322f121ae889fd0ec5550c158470f306c8c3d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3461063A100644FFCB226F95CD41C56BBB2FF08321711D559FAAA5A632C732E961EF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 00E110ED
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00DE6EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00E11126
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 00E1121A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue$lstrlen
                                                                                                                                                                                                            • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                                                                            • API String ID: 3790715954-1648651458
                                                                                                                                                                                                            • Opcode ID: 29a7e3e03daa8408f330b151329352f3afc1bf9427cb1124bdcb424d41db3878
                                                                                                                                                                                                            • Instruction ID: 904471c2a7cd82f057411c40fa84cf3ea4f70e4c781711809adebc43145e0769
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29a7e3e03daa8408f330b151329352f3afc1bf9427cb1124bdcb424d41db3878
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E41A331A1121AFFDB258F95C885AEEB7B9EF48710F1141A9EE15FB210D630DD41DBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E147D3: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00DE8564,00000000,00000000,00000000,00000000,00000000), ref: 00E147EB
                                                                                                                                                                                                              • Part of subcall function 00E147D3: GetLastError.KERNEL32(?,?,?,00DE8564,00000000,00000000,00000000,00000000,00000000), ref: 00E147F5
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00E15AC5,?,?,?,?,?,?,?,00010000,?), ref: 00E16263
                                                                                                                                                                                                            • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,00E15AC5,?,?,?,?), ref: 00E162B5
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E15AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00E162FB
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E15AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00E16321
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$Write$Pointer
                                                                                                                                                                                                            • String ID: dlutil.cpp
                                                                                                                                                                                                            • API String ID: 133221148-2067379296
                                                                                                                                                                                                            • Opcode ID: 6d90544fed3e2385461422fb0acea25dfc4a87fd744c1d15d2f26bef9b0cb98a
                                                                                                                                                                                                            • Instruction ID: 9e306fd0cede9733ca13a08f94006606e45e9a0c854d621478f2fbe0200d160e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d90544fed3e2385461422fb0acea25dfc4a87fd744c1d15d2f26bef9b0cb98a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98416D72A00219FFEB118E98CD48BEA7BA8FF04355F154129BD14F61A0D771DDA4DBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00E0FEE7,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E0FEE7,?,00000000,00000000), ref: 00DD247C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E0FEE7,?,00000000,00000000,0000FDE9), ref: 00DD2488
                                                                                                                                                                                                              • Part of subcall function 00DD3B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,00DD21DC,000001C7,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3B59
                                                                                                                                                                                                              • Part of subcall function 00DD3B51: HeapSize.KERNEL32(00000000,?,00DD21DC,000001C7,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3B60
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                                                            • String ID: strutil.cpp
                                                                                                                                                                                                            • API String ID: 3662877508-3612885251
                                                                                                                                                                                                            • Opcode ID: a64e120d57362bd6dc55681889bf4d66bf202aa2d8f551d865f1620fd55f75bb
                                                                                                                                                                                                            • Instruction ID: 12df4f9782c00afcf343c64b8cbbfeb8be749ec335c5a20eafda1a40ccc71572
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a64e120d57362bd6dc55681889bf4d66bf202aa2d8f551d865f1620fd55f75bb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E631C271300319AFEB109E699CC4ABB32DDEB64364B14822BFD55DB3A0EB61CC449770
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 00DFABEF
                                                                                                                                                                                                            • Failed to open container: %ls., xrefs: 00DFAB2A
                                                                                                                                                                                                            • Failed to extract payload: %ls from container: %ls, xrefs: 00DFABE3
                                                                                                                                                                                                            • Failed to extract all payloads from container: %ls, xrefs: 00DFAB9C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorFileLast
                                                                                                                                                                                                            • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                                                                                                                            • API String ID: 1214770103-3891707333
                                                                                                                                                                                                            • Opcode ID: 856017b8a0ee33f7721f7f26fe4ee3130f34b33f4a80fd10325112cbb80e8f7e
                                                                                                                                                                                                            • Instruction ID: f4a0c10b42e686a4f51c6d979318b486d8bad194ae3496116365738de86655cb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 856017b8a0ee33f7721f7f26fe4ee3130f34b33f4a80fd10325112cbb80e8f7e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E31C572D0022EBBCF119AE8CC42EAE7769EF04310F218165FE15BA291D735D991DBB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,00E14203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00DE9E5F,00000000), ref: 00E140ED
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000001,?,00E14203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00DE9E5F,00000000,000007D0,00000001,00000001,00000003), ref: 00E140FC
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(00000003,00000001,000007D0,00000001,00000000,?,00E14203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00DE9E5F,00000000), ref: 00E1417F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E14203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00DE9E5F,00000000,000007D0,00000001,00000001,00000003,000007D0), ref: 00E14189
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastMove
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 55378915-2967768451
                                                                                                                                                                                                            • Opcode ID: 1ea6dbd3a048f28ec7437fb2195e29f42735b0274469a6c93d19e4e04916e006
                                                                                                                                                                                                            • Instruction ID: e6aca4eb84265d3d93560d08c72c15d7bedb0e8d97d0828a9c3125268231e467
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ea6dbd3a048f28ec7437fb2195e29f42735b0274469a6c93d19e4e04916e006
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A21EEB6B02336BBDB201E658C41AFB76A9EB647A1F425126FC05B73D0D7308CC182E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E14315: FindFirstFileW.KERNEL32(00DF8FFA,?,000002C0,00000000,00000000), ref: 00E14350
                                                                                                                                                                                                              • Part of subcall function 00E14315: FindClose.KERNEL32(00000000), ref: 00E1435C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 00E14305
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                              • Part of subcall function 00E110C5: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 00E110ED
                                                                                                                                                                                                              • Part of subcall function 00E110C5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00DE6EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00E11126
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFindQueryValue$FileFirstOpen
                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                                                                                                                                                            • API String ID: 3397690329-3978359083
                                                                                                                                                                                                            • Opcode ID: a4a4635a03139c70a91a51b7cd11160e188849edb33217810d60397111adc720
                                                                                                                                                                                                            • Instruction ID: 98c6e1f8908c9049d8fd7fe0dc60a1b335e6664d5f82793ed06a18658d670635
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4a4635a03139c70a91a51b7cd11160e188849edb33217810d60397111adc720
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A31D1B5900219EBDF21AFD1CC41AEEBBB9EF00354F54916AF904B72A1D3319AC0CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,00DE04CB,00000001,00000001,00000001,00DE04CB,00000000), ref: 00DDEF70
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,00DE04CB,00000001,00000001,00000001,00DE04CB,00000000,00000001,00000002,00DE04CB,00000001), ref: 00DDEF87
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • PackageVersion, xrefs: 00DDEF51
                                                                                                                                                                                                            • Failed to remove update registration key: %ls, xrefs: 00DDEFB4
                                                                                                                                                                                                            • Failed to format key for update registration., xrefs: 00DDEF26
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCompareString
                                                                                                                                                                                                            • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                                                                                                                                                            • API String ID: 446873843-3222553582
                                                                                                                                                                                                            • Opcode ID: d717feb686d56aeb49436f8740c87ac54ad00133130dd69522acc99a74a8b6cb
                                                                                                                                                                                                            • Instruction ID: 253504292135d301ebb0ae2a55be4b80623d6dc30bb12421ed0edea829d1b50a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d717feb686d56aeb49436f8740c87ac54ad00133130dd69522acc99a74a8b6cb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B721D832A01228BFCB11ABB5CC45EDFBFB8EF44711F25416AF911BA250D7709E80D6A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 00DF8BF7
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,00DDF66B,00000001,00000100,000001B4,00000000), ref: 00DF8C45
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to enumerate uninstall key for related bundles., xrefs: 00DF8C56
                                                                                                                                                                                                            • Failed to open uninstall registry key., xrefs: 00DF8BBA
                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00DF8B94
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCompareOpenString
                                                                                                                                                                                                            • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                            • API String ID: 2817536665-2531018330
                                                                                                                                                                                                            • Opcode ID: 09b5a554f47bab67fcc0394d52677ed8a4f1169cc537e69bdfd7c5bc72aad7ed
                                                                                                                                                                                                            • Instruction ID: 688a42034f05d3074515e308f0ce77a4175be5a63406d29e92bf08de90924e94
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09b5a554f47bab67fcc0394d52677ed8a4f1169cc537e69bdfd7c5bc72aad7ed
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6721823290122CFFDB119A94DC45BFEBA69EB00361F298564FA10760A0CB754E90A6A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CopyFileW.KERNEL32(00000000,00DD4CB6,00000000,?,?,00000000,?,00E14012,00000000,00DD4CB6,00000000,00000000,?,00DE83E2,?,?), ref: 00E13F1E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E14012,00000000,00DD4CB6,00000000,00000000,?,00DE83E2,?,?,00000001,00000003,000007D0,?,?,?), ref: 00E13F2C
                                                                                                                                                                                                            • CopyFileW.KERNEL32(00000000,00DD4CB6,00000000,00DD4CB6,00000000,?,00E14012,00000000,00DD4CB6,00000000,00000000,?,00DE83E2,?,?,00000001), ref: 00E13F92
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E14012,00000000,00DD4CB6,00000000,00000000,?,00DE83E2,?,?,00000001,00000003,000007D0,?,?,?), ref: 00E13F9C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CopyErrorFileLast
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 374144340-2967768451
                                                                                                                                                                                                            • Opcode ID: c1f9716b787bb41883e3ab15a10eb59833d4d8f86f544d4aedf9cc70f597a888
                                                                                                                                                                                                            • Instruction ID: 25e38d417c58240432dd456666d9b177f3dbe2d95cba3544023b483efbaf42ab
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1f9716b787bb41883e3ab15a10eb59833d4d8f86f544d4aedf9cc70f597a888
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B21C636F44636AAEB201E754C44BFB76A8EF48BA5B165026FD05FB150D720CE8282E1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DFD0DC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00DFD10A
                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00DFD113
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                            • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                                                                                                                            • API String ID: 944053411-3611226795
                                                                                                                                                                                                            • Opcode ID: 63eb41864991ead1cac5980282508a5591c4fa23a5187d61e02851b833797b80
                                                                                                                                                                                                            • Instruction ID: f8f166234560d54b77bf333e64398c98bd2a12811dfb50506883b1ea4e054dd9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63eb41864991ead1cac5980282508a5591c4fa23a5187d61e02851b833797b80
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F21D3B0600309BFDB109F68D848AA9B7F6FF08314F15C629F924A7351C775A954CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,00DD648B,00DD648B,?,00DD554A,?,?,00000000), ref: 00DD55F2
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD554A,?,?,00000000,?,00000000,00DD648B,?,00DD7DDC,?,?,?,?,?), ref: 00DD5621
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareErrorLastString
                                                                                                                                                                                                            • String ID: Failed to compare strings.$variable.cpp$version.dll
                                                                                                                                                                                                            • API String ID: 1733990998-4228644734
                                                                                                                                                                                                            • Opcode ID: cfb0dbc8c3314a8b0d41696e8952cb0504ef3a7dc06439a27f94e672a2ca84a5
                                                                                                                                                                                                            • Instruction ID: a59b2a0bd269262b254bd6245676bcd336f04500d6ef66680924378644dd1ba8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cfb0dbc8c3314a8b0d41696e8952cb0504ef3a7dc06439a27f94e672a2ca84a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24212332600615EF87008FA8EC40AAAB7A4EF09760F65031AF815EB394DA30DE0187A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,00DF68CE,00000000,?), ref: 00E157D5
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DF68CE,00000000,?,?,?,?,?,?,?,?,?,00DF6CE1,?,?), ref: 00E157E3
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,00DF68CE,00000000,?), ref: 00E1581D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DF68CE,00000000,?,?,?,?,?,?,?,?,?,00DF6CE1,?,?), ref: 00E15827
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                                                                                                                            • String ID: svcutil.cpp
                                                                                                                                                                                                            • API String ID: 355237494-1746323212
                                                                                                                                                                                                            • Opcode ID: 13932467d7db713455492cf9b17ac22d150de6aa774b0025382bc5195d8c778c
                                                                                                                                                                                                            • Instruction ID: df5021593ba46c3a7d04c7033ba55a9a5d74251e659ab82778bc5a8d7963cff0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13932467d7db713455492cf9b17ac22d150de6aa774b0025382bc5195d8c778c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F521E777A40624FFE7249A668D05BEB7A9CDF84790F11412AFD04FB250D761CE4096F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00DD99CE
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD99D9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 00DD9A16
                                                                                                                                                                                                            • Failed to set variable., xrefs: 00DD9A4E
                                                                                                                                                                                                            • Failed to format variable string., xrefs: 00DD99C1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                            • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                                                            • API String ID: 1799206407-402580132
                                                                                                                                                                                                            • Opcode ID: 73d30a1439eb875b7cc0835c55e8443c3eba94af8675932d90d5e596f7b8f012
                                                                                                                                                                                                            • Instruction ID: f5eab1e8f4546b371e7f4ea37a499cf0b638ccc62029143f51d4be2885d8adc8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73d30a1439eb875b7cc0835c55e8443c3eba94af8675932d90d5e596f7b8f012
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE21C633E41225BBCB119AA4CC51AADF765EF14320F20A357FC10B6250E7729E909AF1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00DF095F
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DF0969
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to write during cabinet extraction., xrefs: 00DF0997
                                                                                                                                                                                                            • Unexpected call to CabWrite()., xrefs: 00DF0923
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF098D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 442123175-3111339858
                                                                                                                                                                                                            • Opcode ID: 52a485f3311256dee735f90324f9fc5f3db9549be6b83ac850ab3f081b660cef
                                                                                                                                                                                                            • Instruction ID: a459ec785aeb07df0bfde3b5bb932268067bc418a5ad758233b031f6924e9d1d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52a485f3311256dee735f90324f9fc5f3db9549be6b83ac850ab3f081b660cef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C21A476600204EFDB00DF6DDD85DA97BE9FF88710F194059FE04D7256E671D9008B61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00DE51A4), ref: 00DE48CC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to write message type to pipe., xrefs: 00DE490E
                                                                                                                                                                                                            • Failed to allocate message to write., xrefs: 00DE48AB
                                                                                                                                                                                                            • pipe.cpp, xrefs: 00DE4904
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                                            • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
                                                                                                                                                                                                            • API String ID: 3934441357-1996674626
                                                                                                                                                                                                            • Opcode ID: 3b0e94e07fd77f61b8d27118e30a0be710ccf657dd4b689d0765218a4a0b093e
                                                                                                                                                                                                            • Instruction ID: 21de8b6117cf4aa27d93fd1db8f4f1a8c67c0ea0134e44de0f9908716211d7a8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b0e94e07fd77f61b8d27118e30a0be710ccf657dd4b689d0765218a4a0b093e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE117C72A00269BEEB11EF96ED09ADF7BE9EB44350F114166F800B2251D7709E50DAB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E15D7F: lstrlenW.KERNEL32(?), ref: 00E15E3D
                                                                                                                                                                                                              • Part of subcall function 00E15D7F: lstrlenW.KERNEL32(?), ref: 00E15E55
                                                                                                                                                                                                              • Part of subcall function 00E188BE: GetLastError.KERNEL32(?,?,Qd,00E15C11,feclient.dll,clbcatq.dll,00E1B508,00E1B4F0,HEAD,00000000,00E1B4D8,Qd,00000000,?,?,00000000), ref: 00E188E8
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00E1B478,feclient.dll,00E1B478,feclient.dll,clbcatq.dll,00E1B508,00E1B4F0,HEAD,00000000,00E1B4D8,Qd,00000000,?,?,00000000,00000000), ref: 00E15C3D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Timelstrlen$ErrorFileLastSystem
                                                                                                                                                                                                            • String ID: HEAD$Qd$clbcatq.dll$feclient.dll
                                                                                                                                                                                                            • API String ID: 451455982-2835818607
                                                                                                                                                                                                            • Opcode ID: 5da762840471cb3334b1ead4d2ddbd9b187ea096bac9981d5d2eb40af7ed7ebc
                                                                                                                                                                                                            • Instruction ID: 1f1644bfdd064f46f553e5161828f9fcb3c574f069c7f38306e8946752344a96
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5da762840471cb3334b1ead4d2ddbd9b187ea096bac9981d5d2eb40af7ed7ebc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF216F7690160DEFCB01DFA4CD809EEBBB9FF89354B104169F800B3210E7319E909BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,00DE8C10,0000001A,00000000,?,00000000,00000000), ref: 00DE804C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DE8C10,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 00DE8056
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                                                                                                                                                            • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                                                                                                                                                            • API String ID: 2186923214-2110050797
                                                                                                                                                                                                            • Opcode ID: 5a7bc1291f77f657c6dab635a2fbaae4b6ff0966be759378bd19a5ee3be9bea3
                                                                                                                                                                                                            • Instruction ID: a61308cc9c8be4d87b5b7cc92fc498c8bc9126d0c24a0b0261f485ca37eba0d0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a7bc1291f77f657c6dab635a2fbaae4b6ff0966be759378bd19a5ee3be9bea3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49012B72641764BEE720B67AAC06F9B6A9CCF40B60F11511BFD08FB240EEA58E4551F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000003E8,000004FF), ref: 00DFDB95
                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00DFDBBF
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00DFDD8F,00000000,?,?,?,00000001,00000000), ref: 00DFDBC7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • bitsengine.cpp, xrefs: 00DFDBEB
                                                                                                                                                                                                            • Failed while waiting for download., xrefs: 00DFDBF5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                                                                                                                                                            • String ID: Failed while waiting for download.$bitsengine.cpp
                                                                                                                                                                                                            • API String ID: 435350009-228655868
                                                                                                                                                                                                            • Opcode ID: 6e35511943920df8410afd180bfe3abdede2811fa4efb20180119a92cb67c3ac
                                                                                                                                                                                                            • Instruction ID: aec38ed57774e7e847c2331c1a7db45e441cbef7b8a3b530628063245825691b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e35511943920df8410afd180bfe3abdede2811fa4efb20180119a92cb67c3ac
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A110C33B413297BE7105EA99C49EEB7BAEEF09720F124126FE04F6190D5A49E00C5F4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetComputerNameW.KERNEL32(?,00000010), ref: 00DD5E39
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD5E43
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ComputerErrorLastName
                                                                                                                                                                                                            • String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            • API String ID: 3560734967-484636765
                                                                                                                                                                                                            • Opcode ID: cd8bb9a8c2afce1a30ec0b5a1fcca781ce709ef24d07d35555bac4658cbb005c
                                                                                                                                                                                                            • Instruction ID: 2f362da8b26939e8873d82aaf5db3995ec9818e7d548811727457e515d51efd4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd8bb9a8c2afce1a30ec0b5a1fcca781ce709ef24d07d35555bac4658cbb005c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E201C832B41728ABD710EBA5AC05AEFB7E8EF08710F114166FD05F7280DA749E4886F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00DD997F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to copy condition string from BSTR, xrefs: 00DD9969
                                                                                                                                                                                                            • Failed to get Condition inner text., xrefs: 00DD994F
                                                                                                                                                                                                            • Condition, xrefs: 00DD991A
                                                                                                                                                                                                            • Failed to select condition node., xrefs: 00DD9936
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                            • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                                                                                                                                                                            • API String ID: 3341692771-3600577998
                                                                                                                                                                                                            • Opcode ID: 3bc0ae25fb6cbabfc6d0f999682f4915ac91f3aa334d635c42c6a96b7fe5fac5
                                                                                                                                                                                                            • Instruction ID: b8cf760c6a6c77ec6639cbf1a7fae6ad1ad3d7d07b092f8546826176f85d5c3d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc0ae25fb6cbabfc6d0f999682f4915ac91f3aa334d635c42c6a96b7fe5fac5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1118631944328BBDB159A50CD25BEDFB689B00720F10615AF800B6250D7729E50DBE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00DD5D83
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00DD5D8F,00000000), ref: 00E109CF
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetProcAddress.KERNEL32(00000000), ref: 00E109D6
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetLastError.KERNEL32(?,?,?,00DD5D8F,00000000), ref: 00E109ED
                                                                                                                                                                                                              • Part of subcall function 00E13BF7: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00E13C24
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get 64-bit folder., xrefs: 00DD5DCD
                                                                                                                                                                                                            • Failed to set variant value., xrefs: 00DD5DE7
                                                                                                                                                                                                            • variable.cpp, xrefs: 00DD5DAD
                                                                                                                                                                                                            • Failed to get shell folder., xrefs: 00DD5DB7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                                                                                                                            • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            • API String ID: 2084161155-3906113122
                                                                                                                                                                                                            • Opcode ID: 917b203f43d4c78bdd70dabf50f3603806837485755b36cee099d6326b5c4c0b
                                                                                                                                                                                                            • Instruction ID: f1236f0bed73380d3037be2777a2a83d44d4519fc5bb25d5cd0c8c5581311148
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 917b203f43d4c78bdd70dabf50f3603806837485755b36cee099d6326b5c4c0b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9501A531941728B7DF12A694DC0AFDE7A69DB00761F215156F800B6251DAB49E8097F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?), ref: 00DD667D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DD6687
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastPathTemp
                                                                                                                                                                                                            • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                            • API String ID: 1238063741-2915113195
                                                                                                                                                                                                            • Opcode ID: 59369fecf4649354480e9c9adfc8d27a29190b780e1d1298c6c266b58b7343ec
                                                                                                                                                                                                            • Instruction ID: 4e2df138f468700bbf6c94899f57f11b1ade254b36ed96fb6fb3f961edf19d87
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59369fecf4649354480e9c9adfc8d27a29190b780e1d1298c6c266b58b7343ec
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D801C472B81328ABE710EB685C06BEA7398DB04710F1141A6FE04F7281EA649E448AF5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E14315: FindFirstFileW.KERNEL32(00DF8FFA,?,000002C0,00000000,00000000), ref: 00E14350
                                                                                                                                                                                                              • Part of subcall function 00E14315: FindClose.KERNEL32(00000000), ref: 00E1435C
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(00DF8FFA,00000080,00000000,00DF8FFA,000000FF,00000000,?,?,00DF8FFA), ref: 00E14067
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DF8FFA), ref: 00E14071
                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00DF8FFA,00000000,00DF8FFA,000000FF,00000000,?,?,00DF8FFA), ref: 00E14090
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00DF8FFA), ref: 00E1409A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 3967264933-2967768451
                                                                                                                                                                                                            • Opcode ID: f45b8cf93475f7e3047d95d76f75f1f2b433ea4e8873259de2721f8b87475de9
                                                                                                                                                                                                            • Instruction ID: a11fe39ca9a58ed04f585054979a369d3d6ff6e6bb0a05b3c56aa7cade922942
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f45b8cf93475f7e3047d95d76f75f1f2b433ea4e8873259de2721f8b87475de9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0901D2B1A01725BBD7215EBB8D08ADB7ED8EF08764F018211FD05F22D0D7618E8095E2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00DFD7E1
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00DFD826
                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?), ref: 00DFD83A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get state during job modification., xrefs: 00DFD7FA
                                                                                                                                                                                                            • Failure while sending progress during BITS job modification., xrefs: 00DFD815
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                                            • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                                                                                                                                                            • API String ID: 3094578987-1258544340
                                                                                                                                                                                                            • Opcode ID: a595919d0562a84f66af085c65db8beefe2576e7c46d3d81d1dd66b0f572475c
                                                                                                                                                                                                            • Instruction ID: da1e93b23072637e8ba91486d93d5289bb48242bec4010545bf6cc764202c9dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a595919d0562a84f66af085c65db8beefe2576e7c46d3d81d1dd66b0f572475c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47019232601619BFCB019F55D849AAABBAEFF08371B118156F904E7610D774ED44CBE4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,00DFDBB5), ref: 00DFDA59
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000008,?,00DFDBB5), ref: 00DFDA9E
                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00DFDBB5), ref: 00DFDAB2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get BITS job state., xrefs: 00DFDA72
                                                                                                                                                                                                            • Failure while sending progress., xrefs: 00DFDA8D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                                            • String ID: Failed to get BITS job state.$Failure while sending progress.
                                                                                                                                                                                                            • API String ID: 3094578987-2876445054
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,00DFDD19,?,?,?,?,?,00000001,00000000,?), ref: 00DFD5C9
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00DFDD19,?,?,?,?,?,00000001,00000000,?), ref: 00DFD5D4
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DFDD19,?,?,?,?,?,00000001,00000000,?), ref: 00DFD5E1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • bitsengine.cpp, xrefs: 00DFD605
                                                                                                                                                                                                            • Failed to create BITS job complete event., xrefs: 00DFD60F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                                                                                                                                                            • String ID: Failed to create BITS job complete event.$bitsengine.cpp
                                                                                                                                                                                                            • API String ID: 3069647169-3441864216
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00DE6E4B,000000B8,00000000,?,00000000,76D695A0), ref: 00DDD3AC
                                                                                                                                                                                                            • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 00DDD3BB
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(000000D0,?,00DE6E4B,000000B8,00000000,?,00000000,76D695A0), ref: 00DDD3D0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • userexperience.cpp, xrefs: 00DDD3E9
                                                                                                                                                                                                            • Engine active cannot be changed because it was already in that state., xrefs: 00DDD3F3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                                                                                                                                                            • String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
                                                                                                                                                                                                            • API String ID: 3376869089-1544469594
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 00E11B53
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD48D4,00000001,?,?,00DD444C,?,?,?,?,00DD535E,?,?,?,?), ref: 00E11B62
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorLastProc
                                                                                                                                                                                                            • String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                                                                                                                                                            • API String ID: 199729137-398595594
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E04848,00000000,?,00E047E8,00000000,00E37CF8,0000000C,00E0493F,00000000,00000002), ref: 00E048B7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E048CA
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00E04848,00000000,?,00E047E8,00000000,00E37CF8,0000000C,00E0493F,00000000,00000002), ref: 00E048ED
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00E0D132,?,00000000,?,00000000,00000000), ref: 00E0C9FF
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00E0CABB
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,00E0D132,00000000,?,?,?,?,?,?,?,?,?,00E0D132,?), ref: 00E0CADA
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,00E0D132,00000000,?,?,?,?,?,?,?,?,?,00E0D132,?), ref: 00E0CB13
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleMultiWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 977765425-0
                                                                                                                                                                                                            • Opcode ID: caf85a62a72091d71f7b3ecb92a8e4a9c887e0051fc043925d45e327001e2a76
                                                                                                                                                                                                            • Instruction ID: b257755117942554489e49673f21159f97e7ea0db12e14a8ed6d3259648d0f0b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: caf85a62a72091d71f7b3ecb92a8e4a9c887e0051fc043925d45e327001e2a76
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E517171A002499FDB10CFA8DC85BEEBBF8EF09310F24565AE556F7291D7309985CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DE91C2
                                                                                                                                                                                                              • Part of subcall function 00E15587: GetLastError.KERNEL32(?,?,00DE9133,?,00000003,00000000,?), ref: 00E155A6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get certificate public key identifier., xrefs: 00DE91F0
                                                                                                                                                                                                            • Failed to find expected public key in certificate chain., xrefs: 00DE9183
                                                                                                                                                                                                            • cache.cpp, xrefs: 00DE91E6
                                                                                                                                                                                                            • Failed to read certificate thumbprint., xrefs: 00DE91B6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                                                                                                                                                            • API String ID: 1452528299-3408201827
                                                                                                                                                                                                            • Opcode ID: 75145f39375e53e6f048604663e3260d2a3e0256b1fe1bb3dbc540123f5bf80e
                                                                                                                                                                                                            • Instruction ID: 5826c29ee88260fe8a818d06d55d951470e6bf816ee3c2fa0f7dcaa00b8b7fbb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75145f39375e53e6f048604663e3260d2a3e0256b1fe1bb3dbc540123f5bf80e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1416AB1E0131AABDB10EFAAD855AAEB7B9EB08710F054029F905F7241D670ED44CBB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 00E19457
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 00E19492
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00E194AE
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00E194BB
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00E194C8
                                                                                                                                                                                                              • Part of subcall function 00E10B49: RegCloseKey.ADVAPI32(00000000), ref: 00E10CA0
                                                                                                                                                                                                              • Part of subcall function 00E10E9B: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E19444,00000001), ref: 00E10EB3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$InfoOpenQuery
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 796878624-0
                                                                                                                                                                                                            • Opcode ID: f403ae997450a7c046370feec70f48a4cfb717c833399ba9d53635af7d6ba34e
                                                                                                                                                                                                            • Instruction ID: 95a588f5f114fa49e5cfef664a36f1c2bd374a5ab304dd07a3b6a0a827171097
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f403ae997450a7c046370feec70f48a4cfb717c833399ba9d53635af7d6ba34e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF413B72C0122DFFCF22AF96CDD19EDFB79EF44364B11516AE9117A122C3324E919A90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00DD8A9E,00DD95E7,?,00DD95E7,?,?,00DD95E7,?,?), ref: 00DD88FE
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00DD8A9E,00DD95E7,?,00DD95E7,?,?,00DD95E7,?,?), ref: 00DD8906
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,00DD8A9E,00DD95E7,?,00DD95E7,?), ref: 00DD8955
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00DD8A9E,00DD95E7,?,00DD95E7,?), ref: 00DD89B7
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00DD8A9E,00DD95E7,?,00DD95E7,?), ref: 00DD89E4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString$lstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1657112622-0
                                                                                                                                                                                                            • Opcode ID: f56f5cd95e33f9482f159942e9df986713ed7aa58660c3389b782b01994279d9
                                                                                                                                                                                                            • Instruction ID: bf17467ed5ca1c908211f216e8a16dc3a6d50308e5ed73bdfda77786866c35aa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f56f5cd95e33f9482f159942e9df986713ed7aa58660c3389b782b01994279d9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB315372600149BFCB228F59CC94ABE3F6AEB49360F158017F99997310C6319990EFB2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD2202
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD220E
                                                                                                                                                                                                              • Part of subcall function 00DD3B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,00DD21DC,000001C7,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3B59
                                                                                                                                                                                                              • Part of subcall function 00DD3B51: HeapSize.KERNEL32(00000000,?,00DD21DC,000001C7,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD3B60
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                                                            • String ID: strutil.cpp
                                                                                                                                                                                                            • API String ID: 3662877508-3612885251
                                                                                                                                                                                                            • Opcode ID: 955cda4d972323aef59d27186a3da2c20b43b7620c1b3b4470267d7d5595fe2a
                                                                                                                                                                                                            • Instruction ID: 4f9c12847c5eb63650d963a755010687154de1c6885d5ad61d2b138ba277a629
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 955cda4d972323aef59d27186a3da2c20b43b7620c1b3b4470267d7d5595fe2a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB31C932600215EFEB109E6ACC44AB77BD9EF65764B11422BFC55DB3A0E631CD0197B4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00DD52B5,WixBundleOriginalSource,?,?,00DEA41D,00DD53B5,WixBundleOriginalSource,00DD533D,00E3AA90,?,00000000,00DD533D,?,00DE7587,?,?), ref: 00DD739A
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00DD52B5,00DD52B5,00000000,00000000,?,?,00DEA41D,00DD53B5,WixBundleOriginalSource,00DD533D,00E3AA90,?,00000000,00DD533D,?,00DE7587), ref: 00DD7401
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get value as string for variable: %ls, xrefs: 00DD73F0
                                                                                                                                                                                                            • WixBundleOriginalSource, xrefs: 00DD7396
                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 00DD73D4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                                                                                                                                                                            • API String ID: 3168844106-30613933
                                                                                                                                                                                                            • Opcode ID: 7035e2aee9656af35e8545dea2d51369f15987011fc891d736380cb04a06e19d
                                                                                                                                                                                                            • Instruction ID: e519f36d696a51f05e843207475671c5cced78efd79c29f2d5c54f1693e5632b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7035e2aee9656af35e8545dea2d51369f15987011fc891d736380cb04a06e19d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F01B132A85228FFCF115F54CC05A9E7B64EB00760F2181A6FD14AA320E7369E54A7E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,?,00000000,?,00DFCEEB,00000000), ref: 00DFCF10
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00DFCEEB,00000000), ref: 00DFCF1C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00E1B508,00000000,?,00000000,?,00DFCEEB,00000000), ref: 00DFCF29
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00DFCEEB,00000000), ref: 00DFCF36
                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00E1B4D8,00000000,?,00DFCEEB,00000000), ref: 00DFCF45
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 260491571-0
                                                                                                                                                                                                            • Opcode ID: e989231969d2c64d0761abd7d94d3f32049f043295e1aeee85b543225fd97775
                                                                                                                                                                                                            • Instruction ID: 6687498abe2dd5f65f94ff639a2e0a32dac0b93bf9a5f640f4668d36f3c3c46b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e989231969d2c64d0761abd7d94d3f32049f043295e1aeee85b543225fd97775
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF014B72415B1DDFCB305F66D990866FBEAEF5031131AD83ED29652520C371A850DF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E17B2C
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E17B37
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E17B42
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                                                            • String ID: atomutil.cpp
                                                                                                                                                                                                            • API String ID: 2724874077-4059165915
                                                                                                                                                                                                            • Opcode ID: 3c68257bb7e14fac797ec9c159582c5a41c9ac465b6fa245a6f581355860af94
                                                                                                                                                                                                            • Instruction ID: a337daa43a842af3083039c50c9c9b15711babca709beefa279a64bdb5211f2f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c68257bb7e14fac797ec9c159582c5a41c9ac465b6fa245a6f581355860af94
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57518271E0822AAFDB25DB64C844FEEB7B9EF44B54F115564E945BB210DB30DE40CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00E186D8
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E186E2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$ErrorFileLastSystem
                                                                                                                                                                                                            • String ID: clbcatq.dll$timeutil.cpp
                                                                                                                                                                                                            • API String ID: 2781989572-961924111
                                                                                                                                                                                                            • Opcode ID: c18493ca2b6077d0efc6187ba3a289cdc519b381677107bb2cd2a7e436600de3
                                                                                                                                                                                                            • Instruction ID: 69c137a37ce60ded549c1f16836dae8a09da9298991d999770a9e7f542d2a04b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c18493ca2b6077d0efc6187ba3a289cdc519b381677107bb2cd2a7e436600de3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B241C371B40305BAEB249FB88E45BFFB7A9EF90704F546519B501B7290DA35CE8083B5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VariantInit.OLEAUT32(000002C0), ref: 00E135BE
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00E135CE
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00E136AF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Variant$AllocClearInitString
                                                                                                                                                                                                            • String ID: xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 2213243845-1270936966
                                                                                                                                                                                                            • Opcode ID: 4aa02a037c459f5474084e68eaeab220dfd521253464bdb8135dd71fef6dbede
                                                                                                                                                                                                            • Instruction ID: 1e7bb1391046909d0771e2c55c44c2c951814e5ed9636c28c9afa869bc85718e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4aa02a037c459f5474084e68eaeab220dfd521253464bdb8135dd71fef6dbede
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98418F71900626ABCB11DFB9C888EEABBB8AF49710B0155A5FD05FB311D730DE408BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00DF8BD8), ref: 00E10D77
                                                                                                                                                                                                            • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00DF8BD8,00000000), ref: 00E10D99
                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,00DF8BD8,00000000,00000000,00000000), ref: 00E10DF1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Enum$InfoQuery
                                                                                                                                                                                                            • String ID: regutil.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E179AA
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00E179B5
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E179C0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                                                            • String ID: atomutil.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,00DF8C14,00000000,00000000), ref: 00DF898C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to ensure there is space for related bundles., xrefs: 00DF893F
                                                                                                                                                                                                            • Failed to open uninstall key for potential related bundle: %ls, xrefs: 00DF88FB
                                                                                                                                                                                                            • Failed to initialize package from related bundle id: %ls, xrefs: 00DF8972
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00DE3E61,feclient.dll,?,00000000,?,?,?,00DD4A0C), ref: 00DE39F1
                                                                                                                                                                                                              • Part of subcall function 00E10F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00E10FE4
                                                                                                                                                                                                              • Part of subcall function 00E10F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00E1101F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                            • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,?,00E0FF0B,?,?,00000000,00000000,0000FDE9), ref: 00E1066A
                                                                                                                                                                                                            • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,00000000,00000000,?,?,00E0FF0B,?,?,00000000,00000000,0000FDE9), ref: 00E106A6
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00E0FF0B,?,?,00000000,00000000,0000FDE9), ref: 00E106B0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                                                            • String ID: logutil.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00DD5137,00000000,?), ref: 00DD1247
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DD5137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00DD1251
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ArgvCommandErrorLastLine
                                                                                                                                                                                                            • String ID: apputil.cpp$ignored
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,00DFD1DC,00000000,00000000,00000000,?), ref: 00DFCF66
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?,?,00DFD1DC,00000000,00000000,00000000,?), ref: 00DFCFED
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: GetProcessHeap.KERNEL32(?,000001C7,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38E5
                                                                                                                                                                                                              • Part of subcall function 00DD38D4: RtlAllocateHeap.NTDLL(00000000,?,00DD2284,000001C7,00000001,80004005,8007139F,?,?,00E1015F,8007139F,?,00000000,00000000,8007139F), ref: 00DD38EC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to allocate memory for message data, xrefs: 00DFCFB5
                                                                                                                                                                                                            • NetFxChainer.cpp, xrefs: 00DFCFAB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                            • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                                                                                                                            • API String ID: 2993511968-1624333943
                                                                                                                                                                                                            • Opcode ID: 18448cb8a536d9f4ecdc5670badead6e3e73c3c21898318d76d453a6cf9ca987
                                                                                                                                                                                                            • Instruction ID: 0e8f36979f5436b1d5c4063751bcc362c41a7a77e81bd8f1f0f137ca79c7d87c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18448cb8a536d9f4ecdc5670badead6e3e73c3c21898318d76d453a6cf9ca987
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D11C4B1301219AFC704CF14D854E6ABBB5FF09320F158165F9149B3A1C731AC20CBB4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FormatMessageW.KERNEL32(000011FF,00DD5386,?,00000000,00000000,00000000,?,80070656,?,?,?,00DEE50B,00000000,00DD5386,00000000,80070656), ref: 00DD1FAA
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DEE50B,00000000,00DD5386,00000000,80070656,?,?,00DE3F6B,00DD5386,?,80070656,00000001,crypt32.dll), ref: 00DD1FB7
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,00DEE50B,00000000,00DD5386,00000000,80070656,?,?,00DE3F6B,00DD5386), ref: 00DD1FFE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                            • String ID: strutil.cpp
                                                                                                                                                                                                            • API String ID: 1365068426-3612885251
                                                                                                                                                                                                            • Opcode ID: 96d6078d82b61549cf2877dac1772c2b70e509baba2c00344492a4a86e18c84e
                                                                                                                                                                                                            • Instruction ID: fb39030d08bf9bf381582fbcc49b86a0a5dfbf8731ae5a381166d4f3858b65ee
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96d6078d82b61549cf2877dac1772c2b70e509baba2c00344492a4a86e18c84e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F115E76900228FFEB159F95CD09AEF7AA9EF08340F00416ABD01E2250E7714E14D7E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00E1B4F0,40000000,00000001,00000000,00000002,00000080,00000000,00DE0328,00000000,?,00DDF37F,?,00000080,00E1B4F0,00000000), ref: 00E14C7F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DDF37F,?,00000080,00E1B4F0,00000000,?,00DE0328,?,00000094,?,?,?,?,?,00000000), ref: 00E14C8C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,00DDF37F,?,00DDF37F,?,00000080,00E1B4F0,00000000,?,00DE0328,?,00000094), ref: 00E14CE0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 2528220319-2967768451
                                                                                                                                                                                                            • Opcode ID: bd77df823b1fe855d796ab67cbfc594087e079f36e715eba6cfe9548b5aa3e4f
                                                                                                                                                                                                            • Instruction ID: 891c7e39b43edc9c3410f8588224d3db501d28c27639c6fc50357f9e5a46172d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd77df823b1fe855d796ab67cbfc594087e079f36e715eba6cfe9548b5aa3e4f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35018FB2702224ABEB216E699C05FDB7A95EB45BB0F114211FE24BB2E0C7318C5196E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,00DF8A30,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 00E14874
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DF8A30,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 00E14881
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorFileLast
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 1214770103-2967768451
                                                                                                                                                                                                            • Opcode ID: fce993ae2944c504b34b0cc50bd6f06df583756ec47be5dd83df2f213bd39e8c
                                                                                                                                                                                                            • Instruction ID: 85bbcfde155508ca09f29ed8ef1df26b71daca35dee19b5ebdcbfa5d4cd5448e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fce993ae2944c504b34b0cc50bd6f06df583756ec47be5dd83df2f213bd39e8c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21018672640720BBE72126A5AC09FFB2698DB45B60F118221FE15BA2D0C6654D4593F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ControlService.ADVAPI32(00DF68BA,00000001,?,00000001,00000000,?,?,?,?,?,?,00DF68BA,00000000), ref: 00DF69D0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,00DF68BA,00000000), ref: 00DF69DA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ControlErrorLastService
                                                                                                                                                                                                            • String ID: Failed to stop wusa service.$msuengine.cpp
                                                                                                                                                                                                            • API String ID: 4114567744-2259829683
                                                                                                                                                                                                            • Opcode ID: 91fa8c64067c24b552f282c61d8dd631ceb7b6642565abfee25d364b38a097c9
                                                                                                                                                                                                            • Instruction ID: 7bd4f838d3ad8dfa5f4939caece564263122551e474d75d16036d6404f53ce89
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91fa8c64067c24b552f282c61d8dd631ceb7b6642565abfee25d364b38a097c9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B401DB72B44328ABE714AB75AC45BEB77E5DB4C710F014139FD04FB180DA249D4586E5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009002,00000000,?), ref: 00DEEA9A
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEEAA4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post elevate message., xrefs: 00DEEAD2
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 00DEEAC8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post elevate message.
                                                                                                                                                                                                            • API String ID: 2609174426-4098423239
                                                                                                                                                                                                            • Opcode ID: a0ac68b1ec68978553e99a0fc813572598a35b6295b2afd9765b766d8d587dbe
                                                                                                                                                                                                            • Instruction ID: 651fa4c433f1ec7ce1c0526dbb68818cf041f85df3f03b10e40f9458dc27baf7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0ac68b1ec68978553e99a0fc813572598a35b6295b2afd9765b766d8d587dbe
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAF09636740330ABE7206A99AC09A9777C8FB04764F158239BE19FA191D7658C0187E5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 00DDD7F6
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00DD47D1,00000000,?,?,00DD5386,?,?), ref: 00DDD805
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD47D1,00000000,?,?,00DD5386,?,?), ref: 00DDD80F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • BootstrapperApplicationDestroy, xrefs: 00DDD7EE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                                                                            • String ID: BootstrapperApplicationDestroy
                                                                                                                                                                                                            • API String ID: 1144718084-3186005537
                                                                                                                                                                                                            • Opcode ID: 33e32d1279a514aee8a306cdacc85e904cd3e833a1b16da93c6cb024498de24b
                                                                                                                                                                                                            • Instruction ID: ae7de16c74206240b86b25ca71833fb6a54c140ed5763c992e1748ed571c3be1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33e32d1279a514aee8a306cdacc85e904cd3e833a1b16da93c6cb024498de24b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DFF04F322007009FDB215F67DC04AA7B7E9BF84362B05C52EE456D6510D775E804DB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 00DEF09B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEF0A5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post plan message., xrefs: 00DEF0D3
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 00DEF0C9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                                                                                                                            • API String ID: 2609174426-2952114608
                                                                                                                                                                                                            • Opcode ID: 362d7b5ce4b58f3119cb6f531469f39f1c243da008565fa7cc9ee49ddb02fa77
                                                                                                                                                                                                            • Instruction ID: 09c75590d0fbef81b84678c351d4a4b0eeb4c268bcaf51251c20f7dacb6de791
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 362d7b5ce4b58f3119cb6f531469f39f1c243da008565fa7cc9ee49ddb02fa77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F0A732740330BBE7202A6A6C05EC77BC8EF04BA0F018021FD0CF6191D6558D4085E5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 00DEF1A9
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEF1B3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post shutdown message., xrefs: 00DEF1E1
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 00DEF1D7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                                                                                                                            • API String ID: 2609174426-188808143
                                                                                                                                                                                                            • Opcode ID: 1c1237da445cdb70c31cefffdf0793d316dacb74b644341336f50b05afa2c52f
                                                                                                                                                                                                            • Instruction ID: f1bac7f4f6bbd703352a87abd119441126c3d01c2a53b7fb4f2f0016b48f69a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c1237da445cdb70c31cefffdf0793d316dacb74b644341336f50b05afa2c52f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3F0EC33741334BFE7206AAAAC09EC77BC8EF04B60F014025FD18F6191D6558D4086F5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetEvent.KERNEL32(00E1B468,00000000,?,00DF145A,?,00000000,?,00DDC121,?,00DD52FD,?,00DE73B2,?,?,00DD52FD,?), ref: 00DF0524
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DF145A,?,00000000,?,00DDC121,?,00DD52FD,?,00DE73B2,?,?,00DD52FD,?,00DD533D,00000001), ref: 00DF052E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set begin operation event., xrefs: 00DF055C
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00DF0552
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorEventLast
                                                                                                                                                                                                            • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3848097054-4159625223
                                                                                                                                                                                                            • Opcode ID: 2bfd65d968902ac9c7e908c93cc94b79e03ff980875477aa0c7a3e1f456844ef
                                                                                                                                                                                                            • Instruction ID: 2bb896629acce359ce35359769c78b7b817f8176cbf378b92d09e0c0088104fd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bfd65d968902ac9c7e908c93cc94b79e03ff980875477aa0c7a3e1f456844ef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10F0EC33B01734ABA71066B97C05AD776D8DF04760B024136FE05F7250E6549D4046F9
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 00DEE98D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEE997
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post apply message., xrefs: 00DEE9C5
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 00DEE9BB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                                                                                                                            • API String ID: 2609174426-1304321051
                                                                                                                                                                                                            • Opcode ID: 0b42ebd4974fefcdc232d80a86ec55fbd3943926bf9516dafc1b41e6a88ae001
                                                                                                                                                                                                            • Instruction ID: 6435f5073465bc352e2962ca354e79c5df35a3ee1601a7405f68144793495fc3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b42ebd4974fefcdc232d80a86ec55fbd3943926bf9516dafc1b41e6a88ae001
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18F037327417307BE7216A6AAC05EC77BC8EF04BA0F025026BD18F6191D6659D5096E5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 00DEEA1E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DEEA28
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post detect message., xrefs: 00DEEA56
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 00DEEA4C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                                                                                                                            • API String ID: 2609174426-598219917
                                                                                                                                                                                                            • Opcode ID: 5f99093abacecd8b5e936b245b2cf2e32b60677b3843b89683820af91e30290e
                                                                                                                                                                                                            • Instruction ID: 493111d03b3d69ff54013e3e6180402401eecc1b68e8ab34af3e7ef10e293404
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f99093abacecd8b5e936b245b2cf2e32b60677b3843b89683820af91e30290e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9F0A732B413307FE7206A6AAC05FC77BC8EF04BA0F014125FD08F6191D6559E00C6E5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00000000,?,00DD545F,?,?,?,?,?,?), ref: 00DD4EF6
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,00DD545F,?,?,?,?,?,?), ref: 00DD4F0A
                                                                                                                                                                                                            • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00DD545F,?,?), ref: 00DD4FF9
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00DD545F,?,?), ref: 00DD5000
                                                                                                                                                                                                              • Part of subcall function 00DD1160: LocalFree.KERNEL32(?,?,00DD4EB3,?,00000000,?,00DD545F,?,?,?,?,?,?), ref: 00DD116A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3671900028-0
                                                                                                                                                                                                            • Opcode ID: d69c313441f8697b9ebc21300ddfd5f89deee0a0696cb679bff23923664fa62f
                                                                                                                                                                                                            • Instruction ID: 10636215360c515e22bf708f6102c0179dfb0d46114e3527c57aa80632b6f063
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d69c313441f8697b9ebc21300ddfd5f89deee0a0696cb679bff23923664fa62f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E4175B1500B45ABDA20FBB5C889FDB73ECAF04355F44482AB6AAD7251DB38E5848634
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID: Hh$dlutil.cpp
                                                                                                                                                                                                            • API String ID: 1452528299-2710510333
                                                                                                                                                                                                            • Opcode ID: 4d229fd67f126aa2a9595532754fb5bf9c96f90e8062cb2c72e8106ada108999
                                                                                                                                                                                                            • Instruction ID: b92c513a4998cadf37d452dde116346f5cd75a26195b6ff640cd985cc0e57f4e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d229fd67f126aa2a9595532754fb5bf9c96f90e8062cb2c72e8106ada108999
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631D372A00315FBEB319EA98C48BAB7AE9EB48794F124129FD05F7250D731CD8096B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00E1312C
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00E13138
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00E131AC
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E131B7
                                                                                                                                                                                                              • Part of subcall function 00E1336E: SysAllocString.OLEAUT32(?), ref: 00E13383
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocVariant$ClearFreeInit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 347726874-0
                                                                                                                                                                                                            • Opcode ID: 792625cb782e7938034dcba3d5186eb06ccb7cae69d344e4d05c6c6f5219db18
                                                                                                                                                                                                            • Instruction ID: 217e4fe3ab334975def4b97e4ddc6068ca03aeedf638fb62c899ec200f0f5d89
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 792625cb782e7938034dcba3d5186eb06ccb7cae69d344e4d05c6c6f5219db18
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4213D31A02219BFCB14DFA5C848EEEBBB9AF44715F14419CE915A7210D7319E85CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00DDF7F7: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,00DD4B9F,?,?,00000001), ref: 00DDF847
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,?,?), ref: 00DD4C06
                                                                                                                                                                                                              • Part of subcall function 00E1082D: CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 00E1089A
                                                                                                                                                                                                              • Part of subcall function 00E1082D: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00E108A4
                                                                                                                                                                                                              • Part of subcall function 00E1082D: CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 00E108ED
                                                                                                                                                                                                              • Part of subcall function 00E1082D: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00E108FA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get current process path., xrefs: 00DD4BC4
                                                                                                                                                                                                            • Unable to get resume command line from the registry, xrefs: 00DD4BA5
                                                                                                                                                                                                            • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00DD4BF0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$Handle$CreateErrorLastProcess
                                                                                                                                                                                                            • String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
                                                                                                                                                                                                            • API String ID: 1572399834-642631345
                                                                                                                                                                                                            • Opcode ID: cd44611b7307780b52b9012c628e82e66634207989fe43405f6588197ec6d311
                                                                                                                                                                                                            • Instruction ID: 2b13f93ddfdb1b1dcdc7df890eee984b1557ae11c2b909a44497591a6fbacfcf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd44611b7307780b52b9012c628e82e66634207989fe43405f6588197ec6d311
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C118172D01618FB8F12AB98DD01CEEFBF8EF54710B1151A7F811B2210D7718A81DBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000800,00000FA0,00E3AE4C,?,?,00E01617,00000FA0,00E3AE4C,00000000,?,?,00E017BC,00000008,InitializeCriticalSectionEx), ref: 00E016A8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E01617,00000FA0,00E3AE4C,00000000,?,?,00E017BC,00000008,InitializeCriticalSectionEx,00E30D5C,InitializeCriticalSectionEx,00000000,?,00E0155E,00E3AE4C), ref: 00E016B4
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,00E01617,00000FA0,00E3AE4C,00000000,?,?,00E017BC,00000008,InitializeCriticalSectionEx,00E30D5C,InitializeCriticalSectionEx,00000000), ref: 00E016C2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                            • Opcode ID: da275f5c460e22934f2cde470be52a650684ceae3d8cdb632783fd3e4fb2d8aa
                                                                                                                                                                                                            • Instruction ID: 61455484bbf24343c719de569c3a6191817320b4de470537d9be70aba1a1fcac
                                                                                                                                                                                                            • Opcode Fuzzy Hash: da275f5c460e22934f2cde470be52a650684ceae3d8cdb632783fd3e4fb2d8aa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1601D8317052279FC7224F76AC44AA77B98AF097A5B151674F506FB1D0DB22C844C6E4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00DFE547
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00DFE556
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00DFE55F
                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00DFE56C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                            • Opcode ID: f946830e208791ceecb171367b12e07dc6e02b369cafc579fd6ad65da1b8a8bd
                                                                                                                                                                                                            • Instruction ID: 3e4612a43440dd22fe92b8b1366c24f1c56e186ccb6bc1fcef8a912f4ebc6936
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f946830e208791ceecb171367b12e07dc6e02b369cafc579fd6ad65da1b8a8bd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB119171D0110CEFCF04CFB5D9586EEBBB4EB08314F6684AAD502E7360EB308A488B50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00E088D5,00000000,00000000,?,00E086D8,00E088D5,00000000,00000000,00000000,?,00E088D5,00000006,FlsSetValue), ref: 00E08763
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E086D8,00E088D5,00000000,00000000,00000000,?,00E088D5,00000006,FlsSetValue,00E32208,00E32210,00000000,00000364,?,00E06130), ref: 00E0876F
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E086D8,00E088D5,00000000,00000000,00000000,?,00E088D5,00000006,FlsSetValue,00E32208,00E32210,00000000), ref: 00E0877D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                            • Opcode ID: 3c7351dc36915f7105dc768188e01b16087880a3bc43d799d1295ead698c95ab
                                                                                                                                                                                                            • Instruction ID: 9955e4a7afb8ef02b5fe4fd734ac3e060e91de69fd70c02515c96e4e0d10536b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c7351dc36915f7105dc768188e01b16087880a3bc43d799d1295ead698c95ab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 590120363112269FC7214F6ADD48A973B58AF457A57384621F996F31D0DF30DC45C6E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00DD7318
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00DD737F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get value as numeric for variable: %ls, xrefs: 00DD736E
                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 00DD7352
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                                                            • API String ID: 3168844106-4270472870
                                                                                                                                                                                                            • Opcode ID: f1bed4849880491a362c72e1a58c09909481fcc24db8fa6ac6b22bfb559cc011
                                                                                                                                                                                                            • Instruction ID: 51594af1957b5b6a00cd51f9a135ff016273ba3917682be549c8b986ac30519f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1bed4849880491a362c72e1a58c09909481fcc24db8fa6ac6b22bfb559cc011
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB017C32A45228FBCF115F54DC05A9E7F69EB04724F1181A6FD14BB321E7369E50ABE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00DD748D
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00DD74F4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get value as version for variable: %ls, xrefs: 00DD74E3
                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 00DD74C7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                                                            • API String ID: 3168844106-1851729331
                                                                                                                                                                                                            • Opcode ID: ff2c066e8a040a78d8f619bf28cdb6cf6646452f5649af17d87f54714573f943
                                                                                                                                                                                                            • Instruction ID: a3fccbe9f7fed3d27dc2704baf60f9fbfe83d3fd1e68ac23977396ec21aaed25
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff2c066e8a040a78d8f619bf28cdb6cf6646452f5649af17d87f54714573f943
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8017C32A85238BBCF125F44DC05A9E7F68AB10721F1181A6FD04BA320E7359E5497F0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,00DD9752,00000000,?,00000000,00000000,00000000,?,00DD9590,00000000,?,00000000,00000000), ref: 00DD741C
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,00DD9752,00000000,?,00000000,00000000,00000000,?,00DD9590,00000000,?,00000000), ref: 00DD7472
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to copy value of variable: %ls, xrefs: 00DD7461
                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 00DD7442
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,Qd,00E15C11,feclient.dll,clbcatq.dll,00E1B508,00E1B4F0,HEAD,00000000,00E1B4D8,Qd,00000000,?,?,00000000), ref: 00E188E8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID: Qd$feclient.dll$inetutil.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000101), ref: 00E147C2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00E10CA0
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: regutil.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00E10FE4
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00E1101F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                            • String ID: regutil.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00E1B508,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 00E066A3
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E066BF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                            • String ID: comres.dll
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E18CFB: lstrlenW.KERNEL32(00000100,?,?,00E19098,000002C0,00000100,00000100,00000100,?,?,?,00DF7B40,?,?,000001BC,00000000), ref: 00E18D1B
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,00E1B4F0,wininet.dll,?), ref: 00E18F07
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,00E1B4F0,wininet.dll,?), ref: 00E18F14
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                              • Part of subcall function 00E10D1C: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00DF8BD8), ref: 00E10D77
                                                                                                                                                                                                              • Part of subcall function 00E10D1C: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00DF8BD8,00000000), ref: 00E10D99
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
• Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$EnumInfoOpenQuerylstrlen
                                                                                                                                                                                                            • String ID: wininet.dll
                                                                                                                                                                                                            • API String ID: 2680864210-3354682871
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E18CFB: lstrlenW.KERNEL32(00000100,?,?,00E19098,000002C0,00000100,00000100,00000100,?,?,?,00DF7B40,?,?,000001BC,00000000), ref: 00E18D1B
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 00E19305
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000), ref: 00E1931F
                                                                                                                                                                                                              • Part of subcall function 00E10AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,00DE0491,?,00000000,00020006), ref: 00E10AFA
                                                                                                                                                                                                              • Part of subcall function 00E11392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,00DDF1C2,00000000,?,00020006), ref: 00E113C5
                                                                                                                                                                                                              • Part of subcall function 00E11392: RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,00DDF1C2,00000000,?,00020006,?,00020006,00020006,00000000,?,?,?), ref: 00E113F5
                                                                                                                                                                                                              • Part of subcall function 00E11344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,00DDF11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00E11359
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$Close$CreateDeletelstrlen
                                                                                                                                                                                                            • String ID: %ls\%ls
                                                                                                                                                                                                            • API String ID: 3924016894-2125769799
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,00DDF1C2,00000000,?,00020006), ref: 00E113C5
                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,00DDF1C2,00000000,?,00020006,?,00020006,00020006,00000000,?,?,?), ref: 00E113F5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$Delete
                                                                                                                                                                                                            • String ID: regutil.cpp
                                                                                                                                                                                                            • API String ID: 1738766685-955085611
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,00DF744B,00000000,IGNOREDEPENDENCIES,00000000,?,00E1B508), ref: 00DDDCF6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • IGNOREDEPENDENCIES, xrefs: 00DDDCAD
                                                                                                                                                                                                            • Failed to copy the property value., xrefs: 00DDDD2A
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                                                                                                                                                            • API String ID: 1825529933-1412343224
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,00DE8C90,?,00000001,20000004,00000000,00000000,?,00000000), ref: 00E15527
                                                                                                                                                                                                            • SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00DE8C90,?), ref: 00E15542
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoNamedSecuritySleep
                                                                                                                                                                                                            • String ID: aclutil.cpp
                                                                                                                                                                                                            • API String ID: 2352087905-2159165307
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 00DE55D9
                                                                                                                                                                                                            • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00DE5633
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to initialize COM on cache thread., xrefs: 00DE55E5
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                                                                                                            • String ID: Failed to initialize COM on cache thread.
                                                                                                                                                                                                            • API String ID: 3442037557-3629645316
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LCMapStringW.KERNEL32(0000007F,00000000,00000000,00DE6EF3,00000000,00DE6EF3,00000000,00000000,00DE6EF3,00000000,00000000,00000000,?,00DD2326,00000000,00000000), ref: 00DD15A3
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00DD2326,00000000,00000000,00DE6EF3,00000200,?,00E1516B,00000000,00DE6EF3,00000000,00DE6EF3,00000000,00000000,00000000), ref: 00DD15AD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastString
                                                                                                                                                                                                            • String ID: strutil.cpp
                                                                                                                                                                                                            • API String ID: 3728238275-3612885251
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00E138D0
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E13903
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                            • String ID: xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 344208780-1270936966
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00E13849
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E1387C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                            • String ID: xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 344208780-1270936966
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00E1396A,?), ref: 00E13B3A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 00E13AE4
                                                                                                                                                                                                            • EnableLUA, xrefs: 00E13B0C
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                                                                                                                            • API String ID: 47109696-3551287084
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00E167B3
                                                                                                                                                                                                              • Part of subcall function 00E185CB: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00E186D8
                                                                                                                                                                                                              • Part of subcall function 00E185CB: GetLastError.KERNEL32 ref: 00E186E2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$ErrorFileFreeLastStringSystem
                                                                                                                                                                                                            • String ID: atomutil.cpp$clbcatq.dll
                                                                                                                                                                                                            • API String ID: 211557998-3749116663
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00DD642A
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00DD5D8F,00000000), ref: 00E109CF
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetProcAddress.KERNEL32(00000000), ref: 00E109D6
                                                                                                                                                                                                              • Part of subcall function 00E109BB: GetLastError.KERNEL32(?,?,?,00DD5D8F,00000000), ref: 00E109ED
                                                                                                                                                                                                              • Part of subcall function 00DD5BF0: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00DD5C77
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get 64-bit folder., xrefs: 00DD644D
                                                                                                                                                                                                            • Failed to set variant value., xrefs: 00DD6467
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                                                            • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                                                                                                                                                            • API String ID: 3109562764-2681622189
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00DD10DD,?,00000000), ref: 00DD33F8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DD10DD,?,00000000), ref: 00DD340F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                            • String ID: pathutil.cpp
                                                                                                                                                                                                            • API String ID: 2776309574-741606033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E10E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00E15699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00E10E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000,?,?,00DFBB7C,00000101,?), ref: 00DE05EF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to update resume mode., xrefs: 00DE05D9
                                                                                                                                                                                                            • Failed to open registration key., xrefs: 00DE05BF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: Failed to open registration key.$Failed to update resume mode.
                                                                                                                                                                                                            • API String ID: 47109696-3366686031
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,769234C0,?,?,?,00DDB919,?,?,?,00000000,00000000), ref: 00E148E3
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00DDB919,?,?,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 00E148ED
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastSize
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 464720113-2967768451
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,00DD535E,?,00000000,00DD535E,?,?,?), ref: 00E13C7F
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00000000,00000000,00000001,00E36F3C,?), ref: 00E13C97
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Microsoft.Update.AutoUpdate, xrefs: 00E13C7A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateFromInstanceProg
                                                                                                                                                                                                            • String ID: Microsoft.Update.AutoUpdate
                                                                                                                                                                                                            • API String ID: 2151042543-675569418
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00E130D4
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E13104
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                            • String ID: xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 344208780-1270936966
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00E13383
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E133B3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                            • String ID: xmlutil.cpp
                                                                                                                                                                                                            • API String ID: 344208780-1270936966
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,00DDF11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00E11359
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • regutil.cpp, xrefs: 00E11381
                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00E11347
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$regutil.cpp
                                                                                                                                                                                                            • API String ID: 3702945584-2416625845
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00E10CF2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.66833142083.0000000000DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833101736.0000000000DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833225939.0000000000E1B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833277628.0000000000E3A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.66833320474.0000000000E3E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_dd0000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                            • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                            • API String ID: 190572456-850864035

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?), ref: 00373C3F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373C52
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000000,?,?), ref: 00373C9D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373CA7
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000000,?,?), ref: 00373CF5
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373CFF
                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000000,?,?), ref: 00373D52
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373D63
                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000000,?,?), ref: 00373E3D
                                                                                                                                                                                                            • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?), ref: 00373E51
                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000000,?,?), ref: 00373E78
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000000,?,?), ref: 00373E9B
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000000,?,?), ref: 00373EB4
                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000000,?,?), ref: 00373EC4
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373ED9
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373F08
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373F2A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373F4C
                                                                                                                                                                                                            • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000000,?,?), ref: 00373F63
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373F6D
                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000000,?,?), ref: 00373F93
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373FAE
                                                                                                                                                                                                            • FindClose.KERNEL32(000000FF,?,?,?,00000000,?,?), ref: 00373FE4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                                                                            • String ID: *.*$DEL$dirutil.cpp
                                                                                                                                                                                                            • API String ID: 1544372074-1252831301

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0037D39D: EnterCriticalSection.KERNEL32(?,?,00000000,?,?,0039B2BB,?,00000000,?,0039967A,00000000,00000000,00000001,00000000,00000001,?), ref: 0037D3AC
                                                                                                                                                                                                              • Part of subcall function 0037D39D: InterlockedCompareExchange.KERNEL32(00000028,00000001,00000000), ref: 0037D3BB
                                                                                                                                                                                                              • Part of subcall function 0037D39D: LeaveCriticalSection.KERNEL32(?,?,0039B2BB,?,00000000,?,0039967A,00000000,00000000,00000001,00000000,00000001,?,?,?,?), ref: 0037D3D0
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 00386D9A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00386DA3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(@G7,?,00000000,?,00000000,00000001,00000000), ref: 00386DC0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCriticalHandleSection$CompareEnterExchangeInterlockedLeaveMutexRelease
                                                                                                                                                                                                            • String ID: @G7$Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                                                                                                                            • API String ID: 322611130-1594771933
                                                                                                                                                                                                            • Opcode ID: 5a1ec23698fff04931b19ba3de5e566e6c88570f230c9e40067733a93814604a
                                                                                                                                                                                                            • Instruction ID: 1f8d4cdca65705da9adade2d1c768b9bc787e6e19ddb753810f17e59433184c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a1ec23698fff04931b19ba3de5e566e6c88570f230c9e40067733a93814604a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1C1A2B1A01716ABDF1BABA0C846FEEB7BCFF04305F00426EF515A6140DB74AD548B90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 003733D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,00000000,00000000,?,0039AD27,00000001,00000000,?,WixBundleSourceProcessPath,00000001,?), ref: 003733F8
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 003710F6
                                                                                                                                                                                                              • Part of subcall function 00371174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0037111A,cabinet.dll,00000009,?,?,00000000), ref: 00371185
                                                                                                                                                                                                              • Part of subcall function 00371174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,0037111A,cabinet.dll,00000009,?,?,00000000), ref: 00371190
                                                                                                                                                                                                              • Part of subcall function 00371174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0037119E
                                                                                                                                                                                                              • Part of subcall function 00371174: GetLastError.KERNEL32(?,?,?,?,0037111A,cabinet.dll,00000009,?,?,00000000), ref: 003711B9
                                                                                                                                                                                                              • Part of subcall function 00371174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 003711C1
                                                                                                                                                                                                              • Part of subcall function 00371174: GetLastError.KERNEL32(?,?,?,?,0037111A,cabinet.dll,00000009,?,?,00000000), ref: 003711D6
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,003BB4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 00371131
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                                                                                                                                                            • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                                                                                                                            • API String ID: 3687706282-3151496603
                                                                                                                                                                                                            • Opcode ID: 86f312aa18e6ad8e18185dc0fdd0839585a43cd4fb50787d930c176ad6ffcd69
                                                                                                                                                                                                            • Instruction ID: 9c696b67f3883bf2258a6af30647d2bf73527f742dbdf293672c1c7c82e0d639
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86f312aa18e6ad8e18185dc0fdd0839585a43cd4fb50787d930c176ad6ffcd69
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C21767590020CAFDB129FA9DC45BEEFBB8FF05714F504115EA14BB291DBB45904CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(003DB60C,00000000,00000000,?,?,0038A1AD,00000000,00000001,00000000,00000000,?,?), ref: 003AFDF0
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,?,0038A1AD,00000000,00000001,00000000,00000000,?,?), ref: 003AFE00
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 003AFE09
                                                                                                                                                                                                            • GetLocalTime.KERNEL32(00000001,?,?,0038A1AD,00000000,00000001,00000000,00000000,?,?), ref: 003AFE1F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(003DB60C,0038A1AD,00000000,00000000,0000FDE9,?,?,0038A1AD), ref: 003AFF12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                                                            • String ID: $c=$%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$(c=$,c=$0c=
                                                                                                                                                                                                            • API String ID: 296830338-2351622647
                                                                                                                                                                                                            • Opcode ID: f71767f4324d4b0fe08bc1844a0de2549b70882b9ccf8d78a490dbfad70fc54b
                                                                                                                                                                                                            • Instruction ID: 09dd76c81b3669dae5e89fe10bda7ec99d210a53e57e126b4d7cac716750ee99
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f71767f4324d4b0fe08bc1844a0de2549b70882b9ccf8d78a490dbfad70fc54b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D417176D01219EFDB229BE4DC45ABEB7F8EB09711F114126FA01E6260D7388D40CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,*.*,?,?,?,00000000,.unverified,?), ref: 003899ED
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00389A14
                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00389A74
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00389A7F
                                                                                                                                                                                                              • Part of subcall function 00373BC3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?), ref: 00373C3F
                                                                                                                                                                                                              • Part of subcall function 00373BC3: GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 00373C52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                                                                                                                            • String ID: *.*$.unverified
                                                                                                                                                                                                            • API String ID: 457978746-2528915496
                                                                                                                                                                                                            • Opcode ID: a70a0f9884c5e876fbce387fc635b87d38392b1ae314868c3f3dbeba22c862cd
                                                                                                                                                                                                            • Instruction ID: 24bc7d6315b4587e2db5683180461bab0cec5ea0b44105799239e390355a0c30
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a70a0f9884c5e876fbce387fc635b87d38392b1ae314868c3f3dbeba22c862cd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A41617190066CAEDF26BB64DC49BFAB7B8AF44305F5401E6E908E50A0EB758EC4DF14
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,?,003A47E8,00000000,003D7CF8,0000000C,003A493F,00000000,00000002,00000000), ref: 003A4833
                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,003A47E8,00000000,003D7CF8,0000000C,003A493F,00000000,00000002,00000000), ref: 003A483A
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 003A484C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                            • Opcode ID: b6c7f9525b7c355237b9872159a6f61f5b99e0bf0009b3f3a23d577bd277926a
                                                                                                                                                                                                            • Instruction ID: e3e8ed3108db3420f6830e8d0b49cb1cc497022a4eeceb35996e9016908ca7b2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6c7f9525b7c355237b9872159a6f61f5b99e0bf0009b3f3a23d577bd277926a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DE09231400688AFCF126F55ED09A5A7B6DEB92385F050524F9059B122CBBAE942DA84
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 003B4350
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 003B435C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                            • Opcode ID: 82c993d7b5682575e159d69043f56c3d717a03a33e2cb1c6ad424143d609daa4
                                                                                                                                                                                                            • Instruction ID: 5de9fd62e0effd3220b82d416f8dd69aaa7c190c652e18911db3e783c87f9ba9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82c993d7b5682575e159d69043f56c3d717a03a33e2cb1c6ad424143d609daa4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D01F975A00208ABDF11EF79DD89DAAF3ACEBC5315F000165FA18D7641DB305D5D8B54

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: =S7$AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$clbcatq.dll$msasn1.dll$registration.cpp$yes
                                                                                                                                                                                                            • API String ID: 0-144081694
                                                                                                                                                                                                            • Opcode ID: c7ab8e663b611c6e6dcbcf7f50c002126e7947627cdb02203a7194ddbf717486
                                                                                                                                                                                                            • Instruction ID: c5c2d85a4840ac03975a1728bf46272cd580932a542faeb611debc8def03f878
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7ab8e663b611c6e6dcbcf7f50c002126e7947627cdb02203a7194ddbf717486
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EE1B336E40676BECB33A6A4CC42FEDBA68BB01714F118279FD18FB551D7699D00A780

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,7745C310,00000000), ref: 0037B3FF
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B44C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,7745C310,00000000), ref: 0037B452
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,\C7H,00000040,?,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B49A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,7745C310,00000000), ref: 0037B4A0
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B4FD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B503
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B54C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B552
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B5C3
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7745C310,00000000), ref: 0037B5C9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$File$Pointer$Read
                                                                                                                                                                                                            • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$\C7H$burn$section.cpp
                                                                                                                                                                                                            • API String ID: 2600052162-2468602769

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,00390621,?,?), ref: 00390A85
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00390621,?,?), ref: 00390A92
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,00390621,?,?), ref: 00390ACE
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,00390621,?,?), ref: 00390AD8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$EventObjectSingleWait
                                                                                                                                                                                                            • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3600396749-2104912459

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000000,?,003BB4F0,?,00000000,?,0037442A,?,003BB4F0), ref: 00385304
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,0037442A,?,003BB4F0), ref: 0038530F
                                                                                                                                                                                                            • SetNamedPipeHandleState.KERNELBASE(?,000000FF,00000000,00000000,?,0037442A,?,003BB4F0), ref: 00385346
                                                                                                                                                                                                            • ConnectNamedPipe.KERNELBASE(?,00000000,?,0037442A,?,003BB4F0), ref: 0038535B
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037442A,?,003BB4F0), ref: 00385365
                                                                                                                                                                                                            • Sleep.KERNELBASE(00000064,?,0037442A,?,003BB4F0), ref: 00385396
                                                                                                                                                                                                            • SetNamedPipeHandleState.KERNELBASE(?,00000000,00000000,00000000,?,0037442A,?,003BB4F0), ref: 003853B9
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0037442A,?,003BB4F0), ref: 003853D4
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,*D7,003BB4F0,00000000,00000000,?,0037442A,?,003BB4F0), ref: 003853EF
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,comres.dll,00000004,feclient.dll,00000000,?,0037442A,?,003BB4F0), ref: 0038540A
                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,wininet.dll,00000004,feclient.dll,00000000,?,0037442A,?,003BB4F0), ref: 00385425
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037442A,?,003BB4F0), ref: 0038547D
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037442A,?,003BB4F0), ref: 003854B1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037442A,?,003BB4F0), ref: 003854E5
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037442A,?,003BB4F0), ref: 0038557B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                                                                                                                            • String ID: *D7$Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$comres.dll$crypt32.dll$feclient.dll$pipe.cpp$wininet.dll
                                                                                                                                                                                                            • API String ID: 2944378912-1945728932

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 0037510F
                                                                                                                                                                                                              • Part of subcall function 003B03F0: InitializeCriticalSection.KERNEL32(003DB60C,?,0037511B,00000000,?,?,?,?,?,?), ref: 003B0407
                                                                                                                                                                                                              • Part of subcall function 00371209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00375137,00000000,?), ref: 00371247
                                                                                                                                                                                                              • Part of subcall function 00371209: GetLastError.KERNEL32(?,?,?,00375137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00371251
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 0037517D
                                                                                                                                                                                                              • Part of subcall function 003B0CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 003B0CF2
                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 0037520F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00375219
                                                                                                                                                                                                            • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0037549B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                                                                                                                            • String ID: 3.10.4.4718$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
                                                                                                                                                                                                            • API String ID: 3262001429-867073019

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WixBundleElevated, xrefs: 003874B3, 003874C4
                                                                                                                                                                                                            • Failed to get unique temporary folder for bootstrapper application., xrefs: 003875BC
                                                                                                                                                                                                            • Failed to set source process folder variable., xrefs: 00387533
                                                                                                                                                                                                            • Failed to open attached UX container., xrefs: 0038739B
                                                                                                                                                                                                            • Failed to overwrite the %ls built-in variable., xrefs: 003874C9
                                                                                                                                                                                                            • Failed to get source process folder from path., xrefs: 00387513
                                                                                                                                                                                                            • Failed to parse command line., xrefs: 00387474
                                                                                                                                                                                                            • Failed to open manifest stream., xrefs: 003873B8
                                                                                                                                                                                                            • Failed to initialize variables., xrefs: 0038737E
                                                                                                                                                                                                            • WixBundleOriginalSource, xrefs: 00387547
                                                                                                                                                                                                            • Failed to get manifest stream from container., xrefs: 003873D9
                                                                                                                                                                                                            • Failed to load manifest., xrefs: 003873F5
                                                                                                                                                                                                            • Failed to set original source variable., xrefs: 00387558
                                                                                                                                                                                                            • WixBundleSourceProcessFolder, xrefs: 00387522
                                                                                                                                                                                                            • Failed to initialize internal cache functionality., xrefs: 0038758D
                                                                                                                                                                                                            • Failed to set source process path variable., xrefs: 003874F7
                                                                                                                                                                                                            • Failed to load catalog files., xrefs: 003875FD
                                                                                                                                                                                                            • Failed to extract bootstrapper application payloads., xrefs: 003875DD
                                                                                                                                                                                                            • WixBundleSourceProcessPath, xrefs: 003874E6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                                                            • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath
                                                                                                                                                                                                            • API String ID: 32694325-252221001

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00374CB6,?,?,00000000,00374CB6,00000000), ref: 00388507
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00388514
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,003BB4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003886F6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to seek to original data in exe burn section header., xrefs: 003886CF
                                                                                                                                                                                                            • Failed to zero out original data offset., xrefs: 003886E8
                                                                                                                                                                                                            • msi.dll, xrefs: 00388608
                                                                                                                                                                                                            • Failed to seek to checksum in exe header., xrefs: 003885F9
                                                                                                                                                                                                            • Failed to seek to signature table in exe header., xrefs: 00388660
                                                                                                                                                                                                            • Failed to seek to beginning of engine file: %ls, xrefs: 0038856D
                                                                                                                                                                                                            • Failed to update signature offset., xrefs: 00388615
                                                                                                                                                                                                            • Failed to copy engine from: %ls to: %ls, xrefs: 0038859C
                                                                                                                                                                                                            • cache.cpp, xrefs: 00388538, 003885EF, 00388656, 003886C5
                                                                                                                                                                                                            • Failed to create engine file at path: %ls, xrefs: 00388545
                                                                                                                                                                                                            • cabinet.dll, xrefs: 0038866F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ChangeCloseCreateErrorFileFindLastNotification
                                                                                                                                                                                                            • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                                                                                                                                                            • API String ID: 4091947256-1976062716

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(000002C0,00000100,00000100,00000000,00000000,?,003799BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 003756A2
                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000,?,003799BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 003756AC
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(000002C0,00000000,00000000,00000000,00000000,00000000,00000001,?,003799BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0), ref: 00375B56
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeavelstrlen
                                                                                                                                                                                                            • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,?,?), ref: 00388104
                                                                                                                                                                                                              • Part of subcall function 003B076C: OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,00388110,00000000), ref: 003B078A
                                                                                                                                                                                                              • Part of subcall function 003B076C: GetLastError.KERNEL32(?,?,?,?,00388110,00000000), ref: 003B0794
                                                                                                                                                                                                              • Part of subcall function 003B076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,00388110,00000000), ref: 003B081D
                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 0038812A
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00388134
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 003881B1
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 003881BB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • %ls%ls\, xrefs: 0038824C
                                                                                                                                                                                                            • Temp\, xrefs: 00388189
                                                                                                                                                                                                            • Failed to concat Temp directory on windows path for working folder., xrefs: 003881A1
                                                                                                                                                                                                            • Failed to convert working folder guid into string., xrefs: 0038823A
                                                                                                                                                                                                            • Failed to get temp path for working folder., xrefs: 003881E9
                                                                                                                                                                                                            • Failed to get windows path for working folder., xrefs: 00388162
                                                                                                                                                                                                            • Failed to ensure windows path for working folder ended in backslash., xrefs: 0038817F
                                                                                                                                                                                                            • Failed to append bundle id on to temp path for working folder., xrefs: 00388264
                                                                                                                                                                                                            • Failed to copy working folder path., xrefs: 0038827F
                                                                                                                                                                                                            • Failed to create working folder guid., xrefs: 00388207
                                                                                                                                                                                                            • cache.cpp, xrefs: 00388158, 003881DF, 00388230
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
                                                                                                                                                                                                            • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,0039BA53,00000001), ref: 00399C18
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039BA53,00000001), ref: 00399D88
                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(00000001,00000000,?,0039BA53,00000001), ref: 00399DC8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039BA53,00000001), ref: 00399DD2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to execute MSP package., xrefs: 00399C9D
                                                                                                                                                                                                            • Failed to execute package provider registration action., xrefs: 00399CE9
                                                                                                                                                                                                            • Failed to get cache thread exit code., xrefs: 00399E03
                                                                                                                                                                                                            • Cache thread exited unexpectedly., xrefs: 00399E14
                                                                                                                                                                                                            • Failed to execute dependency action., xrefs: 00399D08
                                                                                                                                                                                                            • Failed to execute MSI package., xrefs: 00399C78
                                                                                                                                                                                                            • Invalid execute action., xrefs: 00399E23
                                                                                                                                                                                                            • Failed to execute MSU package., xrefs: 00399CCD
                                                                                                                                                                                                            • Failed to execute compatible package action., xrefs: 00399D45
                                                                                                                                                                                                            • Failed to execute EXE package., xrefs: 00399C4F
                                                                                                                                                                                                            • Failed to load compatible package on per-machine package., xrefs: 00399D2E
                                                                                                                                                                                                            • apply.cpp, xrefs: 00399DAC, 00399DF6
                                                                                                                                                                                                            • Failed to wait for cache check-point., xrefs: 00399DB9
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                                                                                                                            • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                            • String ID: Failed to convert version: %ls to DWORD64 for ProductCode: %ls$Failed to copy the installed ProductCode to the package.$Failed to enum related products.$Failed to get product information for ProductCode: %ls$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$Failed to query feature state.$Invalid state value.$Language$UX aborted detect compatible MSI package.$UX aborted detect related MSI package.$UX aborted detect.$VersionString$msasn1.dll$msiengine.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 00384D16
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,0037442A,?), ref: 00384D1F
                                                                                                                                                                                                            • CreateNamedPipeW.KERNELBASE(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,0037442A,?), ref: 00384DC0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037442A,?), ref: 00384DCD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,0037442A,?), ref: 00384E93
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,0037442A,?), ref: 00384EC1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create the security descriptor for the connection event and pipe., xrefs: 00384D4D
                                                                                                                                                                                                            • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 00384D11
                                                                                                                                                                                                            • Failed to create pipe: %ls, xrefs: 00384DFE, 00384E84
                                                                                                                                                                                                            • \\.\pipe\%ls, xrefs: 00384D77
                                                                                                                                                                                                            • \\.\pipe\%ls.Cache, xrefs: 00384E14
                                                                                                                                                                                                            • Failed to allocate full name of pipe: %ls, xrefs: 00384D8D
                                                                                                                                                                                                            • Failed to allocate full name of cache pipe: %ls, xrefs: 00384E2A
                                                                                                                                                                                                            • pipe.cpp, xrefs: 00384D43, 00384DF1, 00384E77
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DescriptorErrorLastSecurity$CloseConvertCreateFreeHandleLocalNamedPipeString
                                                                                                                                                                                                            • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,0037515E,?,?,00000000,?,?), ref: 003741FE
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(000000D0,?,?,0037515E,?,?,00000000,?,?), ref: 00374207
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,0037515E,?,?,00000000,?,?), ref: 0037424D
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,0037515E,?,?,00000000,?,?), ref: 00374257
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,0037515E,?,?,00000000,?,?), ref: 0037426B
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,0037515E,?,?,00000000,?,?), ref: 0037427B
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,0037515E,?,?,00000000,?,?), ref: 003742CB
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,0037515E,?,?,00000000,?,?), ref: 003742D5
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,0037515E,?,?,00000000,?,?), ref: 003742E9
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,0037515E,?,?,00000000,?,?), ref: 003742F9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                                                                            • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,?), ref: 0038E5AE
                                                                                                                                                                                                            • RegisterClassW.USER32(?), ref: 0038E5DA
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0038E5E5
                                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,003C9CC4,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 0038E64C
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0038E656
                                                                                                                                                                                                            • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 0038E6F4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                                                                            • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 003737EA: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00373829
                                                                                                                                                                                                              • Part of subcall function 003737EA: GetLastError.KERNEL32 ref: 00373833
                                                                                                                                                                                                              • Part of subcall function 003B4932: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 003B495A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 003B29FD
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 003B2A20
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 003B2A43
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 003B2A66
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 003B2A89
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 003B2AAC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 003B2ACF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                                                                                                                            • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(0039AB22,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,?,?,0039AB22), ref: 0037C170
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039AB22), ref: 0037C181
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00000000,?,?,0039AB22), ref: 0037C1D0
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0039AB22), ref: 0037C1D6
                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,0039AB22), ref: 0037C1D9
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039AB22), ref: 0037C1E3
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,0039AB22), ref: 0037C235
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039AB22), ref: 0037C23F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                                                                            • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp
                                                                                                                                                                                                            • API String ID: 2619879409-2168299741
                                                                                                                                                                                                            • Opcode ID: 101c3e453b730d467ab3f0edf96d50ac5a0b926ff03be3cb6f32f13a5d1a9fdc
                                                                                                                                                                                                            • Instruction ID: eed608419a7605ccefdb18b096de7833bcf6d4dd6249edf5f9798ad5501327c2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 101c3e453b730d467ab3f0edf96d50ac5a0b926ff03be3cb6f32f13a5d1a9fdc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7341A672240301AFDB229E6A9C45EA777E9EB85754F118129FE0CEB252DB75C801DB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 003AFBD5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(SystemFunction041), ref: 003AFBE7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 003AFC2A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 003AFC3E
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 003AFC76
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 003AFC8A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$ErrorLast
                                                                                                                                                                                                            • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                                                                                                                                                            • API String ID: 4214558900-3191127217
                                                                                                                                                                                                            • Opcode ID: 0e1fb95b61cd3e4d7b875af65ddf5d3fddab6f678b4e309dc1854f65a17a2ea3
                                                                                                                                                                                                            • Instruction ID: 6535cea494e63cc2295750ebb3452124c159b1b7eda41a52f318b6f768a9967c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e1fb95b61cd3e4d7b875af65ddf5d3fddab6f678b4e309dc1854f65a17a2ea3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1621A732A41326DFD7236B67BD05B62F6DAEB06750F034237EC10E6261EB648C019A94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,0000001C,?,00000000,00000000,00000000,00000000,?,0037C285,00000000,0039AB22,?,0039AB22), ref: 003914BB
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0037C285,00000000,0039AB22,?,0039AB22), ref: 003914C4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorEventLast
                                                                                                                                                                                                            • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 545576003-1680384675
                                                                                                                                                                                                            • Opcode ID: 13f9d9c9a0a3ecba1158b6cc2f762a68e72a735957066e996c557c234d3a6ee7
                                                                                                                                                                                                            • Instruction ID: 662894da7aa47d54db79a90dd73497c014ab8988283e7b20b5f4d9bb2e73e8c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13f9d9c9a0a3ecba1158b6cc2f762a68e72a735957066e996c557c234d3a6ee7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B021E5B2A40B2A7AFB2326795C45FB769ECEB44798F034226FD05FB580EA54DC0046E1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00390657
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0039066F
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00390674
                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00390677
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00390681
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 003906F0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 003906FD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to duplicate handle to cab container., xrefs: 003906AF
                                                                                                                                                                                                            • Failed to add virtual file pointer for cab container., xrefs: 003906D6
                                                                                                                                                                                                            • <the>.cab, xrefs: 00390650
                                                                                                                                                                                                            • Failed to open cabinet file: %hs, xrefs: 0039072E
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 003906A5, 00390721
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                                                            • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3030546534-3446344238
                                                                                                                                                                                                            • Opcode ID: 4bae5f64b28bea0a1c1d6d8347a08fd11f8f7dc045266cc3c3aa0ccb6391b526
                                                                                                                                                                                                            • Instruction ID: c3971667189f20d5f62ac0a99d973217549dfbd37a5e11b63ef9026b2c9fbc76
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bae5f64b28bea0a1c1d6d8347a08fd11f8f7dc045266cc3c3aa0ccb6391b526
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0331E772A01629BFEB225BA99C48F9B7AACFF04764F110215FD08F7550DB719D108BE4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000001,?,00000000,?,00000000,00000001), ref: 00376C6E
                                                                                                                                                                                                              • Part of subcall function 003755B6: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,?,000000FF,?,?,?,?,?,?,00375CA1,?,?,00000000), ref: 003755F2
                                                                                                                                                                                                              • Part of subcall function 003755B6: GetLastError.KERNEL32(?,?,?,00375CA1,?,?,00000000,?,00000000,?,?,003773AF,?,?,00000000), ref: 00375621
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000001,?,00000001), ref: 00376E02
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set value of variable: %ls, xrefs: 00376DEA
                                                                                                                                                                                                            • variable.cpp, xrefs: 00376CF1
                                                                                                                                                                                                            • Failed to insert variable '%ls'., xrefs: 00376CB3
                                                                                                                                                                                                            • Attempt to set built-in variable value: %ls, xrefs: 00376CFC
                                                                                                                                                                                                            • Unsetting variable '%ls', xrefs: 00376DBE
                                                                                                                                                                                                            • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00376E14
                                                                                                                                                                                                            • Setting hidden variable '%ls', xrefs: 00376D2C
                                                                                                                                                                                                            • Setting numeric variable '%ls' to value %lld, xrefs: 00376DA3
                                                                                                                                                                                                            • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00376D79
                                                                                                                                                                                                            • Setting string variable '%ls' to value '%ls', xrefs: 00376D96
                                                                                                                                                                                                            • Failed to find variable value '%ls'., xrefs: 00376C89
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                                                            • API String ID: 2716280545-445000439
                                                                                                                                                                                                            • Opcode ID: 60b2416155031bc0726e80e6b7c54868b23ea3fbcbdc61e9e2750a7827608e5f
                                                                                                                                                                                                            • Instruction ID: 9462084c801e603a5a8446ba517be6a52097566c161d3cee8e7f1ac36c058e70
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 60b2416155031bc0726e80e6b7c54868b23ea3fbcbdc61e9e2750a7827608e5f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1518C71B00A19ABCB379F14CD6BFAB3BA8EB51704F118119F84C6A681D278DD10CAE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00382ACD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • crypt32.dll, xrefs: 00382B18, 00382C16, 00382D0B, 00382D80
                                                                                                                                                                                                            • Failed to allocate registration action., xrefs: 00382B36
                                                                                                                                                                                                            • Failed to add dependents ignored from command-line., xrefs: 00382B82
                                                                                                                                                                                                            • Failed to add dependent bundle provider key to ignore dependents., xrefs: 00382C37
                                                                                                                                                                                                            • Failed to check for remaining dependents during planning., xrefs: 00382C73
                                                                                                                                                                                                            • Failed to add self-dependent to ignore dependents., xrefs: 00382B51
                                                                                                                                                                                                            • Failed to add registration action for dependent related bundle., xrefs: 00382DD5
                                                                                                                                                                                                            • Failed to add registration action for self dependent., xrefs: 00382D9E
                                                                                                                                                                                                            • Failed to create the string dictionary., xrefs: 00382B06
                                                                                                                                                                                                            • wininet.dll, xrefs: 00382D1E
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                                                                                                                                                            • API String ID: 1825529933-1705955799
                                                                                                                                                                                                            • Opcode ID: c0a40e6910bb8e50167b0e41e4de42dbbf1a82fb4d9bd4ec9d39632daaacfe83
                                                                                                                                                                                                            • Instruction ID: b559af3b70dac9718397521ded04e9ee72a7db1794b59a0d6bf366232c4f628f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0a40e6910bb8e50167b0e41e4de42dbbf1a82fb4d9bd4ec9d39632daaacfe83
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75B19C71A00716EFCF2BEF68C881BAB7BB5BF44310F1281A9F815AA251D770D951DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 00374B5E
                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00374B6F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set action variables., xrefs: 00374ABE
                                                                                                                                                                                                            • Failed to set registration variables., xrefs: 00374AD8
                                                                                                                                                                                                            • Failed to check global conditions, xrefs: 00374A43
                                                                                                                                                                                                            • WixBundleLayoutDirectory, xrefs: 00374AEF
                                                                                                                                                                                                            • Failed to open log., xrefs: 00374A12
                                                                                                                                                                                                            • Failed to query registration., xrefs: 00374AA8
                                                                                                                                                                                                            • Failed to set layout directory variable to value provided from command-line., xrefs: 00374B00
                                                                                                                                                                                                            • Failed while running , xrefs: 00374B24
                                                                                                                                                                                                            • Failed to create the message window., xrefs: 00374A92
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePostWindow
                                                                                                                                                                                                            • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                                                                            • API String ID: 3618638489-3051724725
                                                                                                                                                                                                            • Opcode ID: a537014261aa74bda2813a3126ec7834f17d85288cea231d8c00b92a429e7dc3
                                                                                                                                                                                                            • Instruction ID: 114a48917fa79445fafa240eb305a9b16929923d31d37228240408933ba243ec
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a537014261aa74bda2813a3126ec7834f17d85288cea231d8c00b92a429e7dc3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7841C371A4061ABBDB37AA60CC45FFAB66CFF01754F018215F90CAA950DBA8FD1097D0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,?,000000FF,00375381,?,003752B5,00000000,00375381,FFF9E89D,00375381,003753B5,0037533D,?), ref: 0037CB15
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                            • String ID: =S7$=S7$Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                                                            • API String ID: 1825529933-1323816725
                                                                                                                                                                                                            • Opcode ID: c465cf5a267eda552e2dc1dc1aadab666cd749a4b8f76c036ea26cc755431c49
                                                                                                                                                                                                            • Instruction ID: 88afffb0ebfce4c9c9e14ec3b5d29ab8eb379713370db0eed40fa8815adc13de
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c465cf5a267eda552e2dc1dc1aadab666cd749a4b8f76c036ea26cc755431c49
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E41C131920219EFCF3B9E88CC829AEB7A5AF04710F11E16DF909AB251C3789D41DB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00375386,?,?), ref: 0038E84A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00375386,?,?), ref: 0038E857
                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_0001E563,?,00000000,00000000), ref: 0038E8B0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00375386,?,?), ref: 0038E8BD
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00375386,?,?), ref: 0038E8F8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00375386,?,?), ref: 0038E917
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,00375386,?,?), ref: 0038E924
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorLast$ChangeEventFindHandleMultipleNotificationObjectsThreadWait
                                                                                                                                                                                                            • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                                                            • API String ID: 1372344712-3599963359
                                                                                                                                                                                                            • Opcode ID: c1267bee7f8d15de917310cff38724d31bba6504981388eead9feb776eada112
                                                                                                                                                                                                            • Instruction ID: 7a1e07709670905426042754c9ff10de7da329d785d96656bfb479a08052cb22
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1267bee7f8d15de917310cff38724d31bba6504981388eead9feb776eada112
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87313475E40319BFEB12AFA99D84AAFB6ECEF08750F11416AF905F7150D7709E0087A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,00000000,76922F60,?,00000000,?,?,?,00000000), ref: 00391249
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,0039B555,?,?,80000000,?,?,?,?,?), ref: 0039125C
                                                                                                                                                                                                            • GetExitCodeThread.KERNELBASE(?,?,?,?,00000000,?,?,?,?,0039B555,?,?,80000000,?,?,?), ref: 0039129E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,0039B555,?,?,80000000,?,?,?,?,?), ref: 003912AC
                                                                                                                                                                                                            • ResetEvent.KERNEL32(?,?,?,00000000,?,?,?,?,0039B555,?,?,80000000,?,?,?,?), ref: 003912E7
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,0039B555,?,?,80000000,?,?,?,?,?), ref: 003912F1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                                                            • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2979751695-3400260300
                                                                                                                                                                                                            • Opcode ID: 938768e041d9073bde9696cba3af7e0d4a9a0e803442dabdb27e39a6ad112e9a
                                                                                                                                                                                                            • Instruction ID: 5bd80c0bf0d93332b0995372882516ed1e3a573c2011498fddfb4ce91185992c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 938768e041d9073bde9696cba3af7e0d4a9a0e803442dabdb27e39a6ad112e9a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD21D775700309AFEB1AAB759D45BBEB6F8EB04710F40412EF946E65A0EB74CE009B15
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryW.KERNELBASE(?,00000000,?,003746F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00375386,?,?), ref: 0037D5CD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003746F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00375386,?,?), ref: 0037D5DA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0037D612
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003746F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00375386,?,?), ref: 0037D61E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                                                            • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
                                                                                                                                                                                                            • API String ID: 1866314245-1140179540
                                                                                                                                                                                                            • Opcode ID: a54b3ec8eea8a9267ebfb1f8b505980c56259576a62635de27490e91e118de8e
                                                                                                                                                                                                            • Instruction ID: 89043b190da54c656f1ae676f5da0b797f54574df5ab1a992e1403d8b4faa84e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a54b3ec8eea8a9267ebfb1f8b505980c56259576a62635de27490e91e118de8e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F11C632A40721AFEB376A699C05FB776D89F04754F02812AFE0DE7990DB65CC0086E4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: ($Failed to set syncpoint event.$UX aborted cache.$apply.cpp$begin cache package$end cache package$layout bundle
                                                                                                                                                                                                            • API String ID: 0-826262529
                                                                                                                                                                                                            • Opcode ID: 8fa848b139924e31512d34ceebded8bcb5140276e45f9ac7d37a6d385a7b8b1b
                                                                                                                                                                                                            • Instruction ID: c7791d2b44a441aa75173d0245dbd17431e039e0c970939952904b19366928a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fa848b139924e31512d34ceebded8bcb5140276e45f9ac7d37a6d385a7b8b1b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E224571A00619FFDF16CF94D980FAABBB6FF48710F218259F914AB650C331A961DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003B98A2
                                                                                                                                                                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000000), ref: 003B992E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 003B993A
                                                                                                                                                                                                            • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 003B997A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                                                                                                                                                            • String ID: $
                                                                                                                                                                                                            • API String ID: 948315288-3993045852
                                                                                                                                                                                                            • Opcode ID: 81861dd2b2995f9b4c3c09ba800f88bf2233e332e259fd6a1b56d16bb40a661e
                                                                                                                                                                                                            • Instruction ID: 51ab6147867f200584de0e9f893eaa2f0373f95132e2627ddb32ba5c8fd9d9ad
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81861dd2b2995f9b4c3c09ba800f88bf2233e332e259fd6a1b56d16bb40a661e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7818E75D01219AFCB12DF95D884AEEB7B8FF84358F16412AEA15AB310DBB0DD01CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001,00000000,00000000), ref: 00372E7A
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00372E84
                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00372F1F
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00372FAD
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00372FBA
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 00372FCC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0037302C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • pathutil.cpp, xrefs: 00372EA8
                                                                                                                                                                                                            • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00372F7D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                                                            • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                                                            • API String ID: 3480017824-1101990113
                                                                                                                                                                                                            • Opcode ID: ac683e9796d82c5f42793a2e271d3e28f5e03135705e7f89b470a8cc417bfb41
                                                                                                                                                                                                            • Instruction ID: 4982f6a51cebbc98c34f6d4597d4b95b7d4eae923a8a4ac08a344bb8e2cf2946
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac683e9796d82c5f42793a2e271d3e28f5e03135705e7f89b470a8cc417bfb41
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42716971D41229ABDB329BA5DC49BEEB3F8AF08710F014195FA09E7190D7789E80DF50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 003746B5
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 003746BB
                                                                                                                                                                                                            • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00374749
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create engine for UX., xrefs: 003746D5
                                                                                                                                                                                                            • Failed to start bootstrapper application., xrefs: 00374717
                                                                                                                                                                                                            • Failed to load UX., xrefs: 003746FE
                                                                                                                                                                                                            • engine.cpp, xrefs: 00374795
                                                                                                                                                                                                            • Unexpected return value from message pump., xrefs: 0037479F
                                                                                                                                                                                                            • wininet.dll, xrefs: 003746E8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$CurrentPeekThread
                                                                                                                                                                                                            • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                                                                            • API String ID: 673430819-2573580774
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000008,?,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000001,00000000), ref: 00384765
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00384772
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,?,00000000), ref: 0038481B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00384825
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastRead
                                                                                                                                                                                                            • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                                                                                                                                                            • API String ID: 1948546556-3912962418
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0037F7CD
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0037F7DA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to read Resume value., xrefs: 0037F763
                                                                                                                                                                                                            • %ls.RebootRequired, xrefs: 0037F6BA
                                                                                                                                                                                                            • Failed to open registration key., xrefs: 0037F736
                                                                                                                                                                                                            • Failed to format pending restart registry key to read., xrefs: 0037F6D1
                                                                                                                                                                                                            • Resume, xrefs: 0037F741
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                            • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                                                            • API String ID: 3535843008-3890505273
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00379B72
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00379B81
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to format variable string., xrefs: 00379B65
                                                                                                                                                                                                            • Failed to set variable., xrefs: 00379C07
                                                                                                                                                                                                            • File search: %ls, did not find path: %ls, xrefs: 00379BD5
                                                                                                                                                                                                            • search.cpp, xrefs: 00379BB3
                                                                                                                                                                                                            • Failed get to file attributes. '%ls', xrefs: 00379BC0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                            • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                                                                                                                            • API String ID: 1799206407-2053429945
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00386CFB,@G7,?,00000000,?,00000000,00000001), ref: 003867BD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00386CFB,@G7,?,00000000,?,00000000,00000001), ref: 003867C7
                                                                                                                                                                                                            • GetExitCodeThread.KERNELBASE(00000001,00000000,?,00386CFB,@G7,?,00000000,?,00000000,00000001), ref: 00386806
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00386CFB,@G7,?,00000000,?,00000000,00000001), ref: 00386810
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                                                            • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                                                                                                                            • API String ID: 3686190907-2546940223
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000001,003BB4F0,?,00000001,000000FF,?,?,76D695A0,00000000,00000001,00000000,?,003872F3), ref: 0038D32F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to elevate., xrefs: 0038D311
                                                                                                                                                                                                            • elevation.cpp, xrefs: 0038D23A
                                                                                                                                                                                                            • Failed to connect to elevated child process., xrefs: 0038D318
                                                                                                                                                                                                            • UX aborted elevation requirement., xrefs: 0038D244
                                                                                                                                                                                                            • Failed to create pipe and cache pipe., xrefs: 0038D28C
                                                                                                                                                                                                            • Failed to create pipe name and client token., xrefs: 0038D270
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                            • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                                                                                                                            • API String ID: 2962429428-3003415917
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(003DB60C,00000000,?,?,?,00375407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 003B042B
                                                                                                                                                                                                            • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,003DB604,?,00375407,00000000,Setup), ref: 003B04CC
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00375407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 003B04DC
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00375407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 003B0515
                                                                                                                                                                                                              • Part of subcall function 00372DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00372F1F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(003DB60C,?,?,003DB604,?,00375407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 003B056E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                                                            • String ID: logutil.cpp
                                                                                                                                                                                                            • API String ID: 4111229724-3545173039
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,0037583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00377215
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,0037583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 003772F4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to get value as string for variable: %ls, xrefs: 003772E3
                                                                                                                                                                                                            • Failed to get unformatted string., xrefs: 00377285
                                                                                                                                                                                                            • *****, xrefs: 003772B0, 003772BD
                                                                                                                                                                                                            • Failed to get variable: %ls, xrefs: 00377256
                                                                                                                                                                                                            • Failed to format value '%ls' of variable: %ls, xrefs: 003772BE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                            • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                                                                                                                            • API String ID: 3168844106-2873099529
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,00388110,00000000), ref: 003B078A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00388110,00000000), ref: 003B0794
                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,00388110,00000000), ref: 003B07C6
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,00388110,00000000), ref: 003B081D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                                                                                                                                                            • String ID: procutil.cpp
                                                                                                                                                                                                            • API String ID: 2387526074-1178289305
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00390A25
                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00390A37
                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00390A4A
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00390616,?,?), ref: 00390A59
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Invalid operation for this state., xrefs: 003909FE
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 003909F4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$File$ChangeCloseDateFindLocalNotification
                                                                                                                                                                                                            • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 1330928052-1751360545
                                                                                                                                                                                                            • Opcode ID: b7158634691a21376986d17d5c400a3ba210e04e40f66da2970fe8f78990cdf1
                                                                                                                                                                                                            • Instruction ID: dc358fd9278d9166849b1002dda064b42db78e9c140d4f14709ddcbaf9b2ba7c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7158634691a21376986d17d5c400a3ba210e04e40f66da2970fe8f78990cdf1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7021A17281061DAF8B159FA8DD488EEBBBCFE04720B10421AF915DA990C770DA11DBD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 003B3B98
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000), ref: 003B3BA2
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00000000), ref: 003B3BD5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorExecuteHandleLastShell
                                                                                                                                                                                                            • String ID: <$shelutil.cpp$H\u
                                                                                                                                                                                                            • API String ID: 3023784893-4117820998
                                                                                                                                                                                                            • Opcode ID: b77ceada8ef1ca8600e6ff3d5db72f53d12901743d8e9bd65d0c7a2d4e35df03
                                                                                                                                                                                                            • Instruction ID: 48abc2f25ca62617eec6af014364181d4c12e4861e85aee6ae2444f9f8b538bf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b77ceada8ef1ca8600e6ff3d5db72f53d12901743d8e9bd65d0c7a2d4e35df03
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3611EAB5E01228AFDB11DFA9D845ADEBBF8AF08354F014126FD05E7350E7749A008BA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 003B344A
                                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(003DB6D8), ref: 003B3467
                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,003DB6C8,?,?,?,?,?,?), ref: 003B3482
                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(MSXML.DOMDocument,003DB6C8,?,?,?,?,?,?), ref: 003B348E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                                                            • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                                                            • API String ID: 2109125048-2356320334
                                                                                                                                                                                                            • Opcode ID: 9afb4160896a0b419fd1519c725ea3cd6b3d7fdb7b1ad740436557eaba5d9a9f
                                                                                                                                                                                                            • Instruction ID: ac743ff2d04a19f759bff610550c26a7951c6a82814afc64900530df690402e4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9afb4160896a0b419fd1519c725ea3cd6b3d7fdb7b1ad740436557eaba5d9a9f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BF0EC21785235AFC7234B97BC0DF97AF699B81F5CF02051AFB04D1654D750C5418670
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 003B495A
                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 003B4989
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 003B49B3
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,003BB790,?,?,?,00000000,00000000,00000000), ref: 003B49F4
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 003B4A28
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 1145190524-2967768451
                                                                                                                                                                                                            • Opcode ID: 449b31b82c4f1c1f8c100f8cec96640c74bb4c7ccb5087da0cb49de640194d7b
                                                                                                                                                                                                            • Instruction ID: ad3dcfd139a08d804fcd34c333c303771d337c08dba4f36cb437fff92940e54e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 449b31b82c4f1c1f8c100f8cec96640c74bb4c7ccb5087da0cb49de640194d7b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A219835A40329ABD7139BA58C45AFBFBACEF85758F014216FF05E7611DB708D0096A4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000082,?,?), ref: 0038E734
                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0038E743
                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,?), ref: 0038E757
                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0038E767
                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0038E781
                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 0038E7DE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3812958022-0
                                                                                                                                                                                                            • Opcode ID: 842b66b0e153d4bc28f5fa0df7209bde34b9ac8d142543ca1b6fd9a14be0b706
                                                                                                                                                                                                            • Instruction ID: fd1df344730791914d06535a052a77ba8956604e248fc2866d50b72d02600815
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 842b66b0e153d4bc28f5fa0df7209bde34b9ac8d142543ca1b6fd9a14be0b706
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D212236104218BFDF13AFA4CC88E6A7BA9FF44754F148264FA0AAA1B0C770DD10DB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegQueryValueExW.KERNELBASE(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 003B10ED
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00386EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 003B1126
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 003B121A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue$lstrlen
                                                                                                                                                                                                            • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                                                                            • API String ID: 3790715954-1648651458
                                                                                                                                                                                                            • Opcode ID: 0be954a6ae064bfa41a1b3f13eca67879501392f9de591046f3d53e75bb61b37
                                                                                                                                                                                                            • Instruction ID: 9ef4238980e354158944b0235231ea23861e794806d2529b0bc1d3f099a7ed8e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0be954a6ae064bfa41a1b3f13eca67879501392f9de591046f3d53e75bb61b37
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B41C731A00219EFDB26CF99D891AEEB7B9EF45714F524169EE05EF610D730DE018790
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to extract all payloads from container: %ls, xrefs: 0039AB9C
                                                                                                                                                                                                            • Failed to open container: %ls., xrefs: 0039AB2A
                                                                                                                                                                                                            • Failed to extract payload: %ls from container: %ls, xrefs: 0039ABE3
                                                                                                                                                                                                            • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 0039ABEF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorFileLast
                                                                                                                                                                                                            • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                                                                                                                            • API String ID: 1214770103-3891707333
                                                                                                                                                                                                            • Opcode ID: 47dff3ed6e4ffb5b2d4a8db45934f76ab97a7684d5bd07e22c52f0c2ed817eee
                                                                                                                                                                                                            • Instruction ID: 043c3221b114f0f4ea08f612f183c057dff9f67188620e9536947def52c4546a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47dff3ed6e4ffb5b2d4a8db45934f76ab97a7684d5bd07e22c52f0c2ed817eee
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F31D432D00519BBCF23AAE4CC82E9E77B9AF04310F204229FE11AA191D735DA50DBE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 0039088A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 00390894
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to move file pointer 0x%x bytes., xrefs: 003908C5
                                                                                                                                                                                                            • Invalid seek type., xrefs: 00390820
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 003908B8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2976181284-417918914
                                                                                                                                                                                                            • Opcode ID: 63231f4e681e0261d69259cc3a6443fed930459e730fab93887705f217b0a546
                                                                                                                                                                                                            • Instruction ID: c541b8b913a98eaf08f493e9ffa5dc67f6886f28602c7a67cbe0ff569ccf4682
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63231f4e681e0261d69259cc3a6443fed930459e730fab93887705f217b0a546
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A318372B0461AFFDB0ADFA9CC85DAAB7A9FB04714F018229F915E7650D730AD118BD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 003B4315: FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 003B4350
                                                                                                                                                                                                              • Part of subcall function 003B4315: FindClose.KERNEL32(00000000), ref: 003B435C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 003B4305
                                                                                                                                                                                                              • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
                                                                                                                                                                                                              • Part of subcall function 003B10C5: RegQueryValueExW.KERNELBASE(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 003B10ED
                                                                                                                                                                                                              • Part of subcall function 003B10C5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00386EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 003B1126
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFindQueryValue$FileFirstOpen
                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                                                                                                                                                            • API String ID: 3397690329-3978359083
                                                                                                                                                                                                            • Opcode ID: fa6b99d2cfe7bf6b140ff4b864790db79089dcadb0d14472f806ddc9407f0770
                                                                                                                                                                                                            • Instruction ID: 8d4ec8571511d845ea7aa675a19a30a52f921f3cec8092951a10399697a381fd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa6b99d2cfe7bf6b140ff4b864790db79089dcadb0d14472f806ddc9407f0770
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2531F53590020DAADF23AFC5CC419FEBB79EF04318F15856AFA04AE552D3318A40EB58
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 00398BF7
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,0037F66B,00000001,00000100,000001B4,00000000), ref: 00398C45
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to enumerate uninstall key for related bundles., xrefs: 00398C56
                                                                                                                                                                                                            • Failed to open uninstall registry key., xrefs: 00398BBA
                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00398B94
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCompareOpenString
                                                                                                                                                                                                            • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                            • API String ID: 2817536665-2531018330
                                                                                                                                                                                                            • Opcode ID: 78ebe3b1e7ff97ec48c065d7c24cc996d481f3e9b765423e719d0c83a433c0a3
                                                                                                                                                                                                            • Instruction ID: 2a19d4b1ba42f32de62902c18243adafa40970861dc90b89c5271d88f0302e38
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78ebe3b1e7ff97ec48c065d7c24cc996d481f3e9b765423e719d0c83a433c0a3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D021A332901118FFDF17ABA4CC45FEEFA7DEB41365F254668F510AA0A0CB754E90DAA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(00000003,00000001,00000000,00000000,?,003B416C,00000001,00000000,?,003B4203,00000003,00000001,00000001,00000000,00000000,00000000), ref: 00374021
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003B416C,00000001,00000000,?,003B4203,00000003,00000001,00000001,00000000,00000000,00000000,?,0038A55D,?,00000000), ref: 0037402F
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00000003,00000001,00000001,?,003B416C,00000001,00000000,?,003B4203,00000003,00000001,00000001,00000000,00000000,00000000), ref: 00374097
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003B416C,00000001,00000000,?,003B4203,00000003,00000001,00000001,00000000,00000000,00000000,?,0038A55D,?,00000000), ref: 003740A1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                            • String ID: dirutil.cpp
                                                                                                                                                                                                            • API String ID: 1375471231-2193988115
                                                                                                                                                                                                            • Opcode ID: e5bae363c58448c6926a7d3b70a691c28247396c999cb202d61ffc2e1dd80416
                                                                                                                                                                                                            • Instruction ID: 5ff6c578a44d1ec3c63eb3e3a67df7d4f5ffa683a155852a8607c53708440f04
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5bae363c58448c6926a7d3b70a691c28247396c999cb202d61ffc2e1dd80416
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1112735600221ABEB331AA54C44B7BF698DF41760F12C125FF4DEB150DB68AC1196E1
APIs
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 0039095F
• GetLastError.KERNEL32 ref: 00390969
Strings
• Unexpected call to CabWrite()., xrefs: 00390923
• Failed to write during cabinet extraction., xrefs: 00390997
• cabextract.cpp, xrefs: 0039098D
Memory Dump Source
• Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
• API String ID: 442123175-3111339858
APIs
• WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,00000000,00000000,00000000,?,00000000,00000000,?,003851A4), ref: 003848CC
Strings
• Failed to allocate message to write., xrefs: 003848AB
• Failed to write message type to pipe., xrefs: 0038490E
• pipe.cpp, xrefs: 00384904
Memory Dump Source
• Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
Similarity
• API ID: FileWrite
• String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
• API String ID: 3934441357-1996674626
APIs
• RegEnumKeyExW.KERNELBASE(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00398BD8), ref: 003B0D77
• RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00398BD8,00000000), ref: 003B0D99
• RegEnumKeyExW.KERNELBASE(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,00398BD8,00000000,00000000,00000000), ref: 003B0DF1
Strings
Memory Dump Source
• Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
Similarity
• API ID: Enum$InfoQuery
• String ID: regutil.cpp
• API String ID: 73471667-955085611
APIs
  • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
• RegCloseKey.KERNELBASE(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,00398C14,00000000,00000000), ref: 0039898C
Strings
• Failed to open uninstall key for potential related bundle: %ls, xrefs: 003988FB
• Failed to ensure there is space for related bundles., xrefs: 0039893F
• Failed to initialize package from related bundle id: %ls, xrefs: 00398972
Memory Dump Source
• Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
Similarity
• API ID: CloseOpen
• String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
• API String ID: 47109696-1717420724
APIs
  • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
• RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00383E61,feclient.dll,?,00000000,?,?,?,00374A0C), ref: 003839F1
  • Part of subcall function 003B0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,?), ref: 003B0FE4
  • Part of subcall function 003B0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 003B101F
Strings
Memory Dump Source
• Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
• API String ID: 1586453840-3596319545
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,?,003AFF0B,0038A1AD,0038A1AD,00000000,00000000,0000FDE9,?,?,0038A1AD), ref: 003B066A
                                                                                                                                                                                                            • WriteFile.KERNELBASE(FFFFFFFF,00000000,00000000,0000FDE9,00000000,?,?,003AFF0B,0038A1AD,0038A1AD,00000000,00000000,0000FDE9,?,?,0038A1AD), ref: 003B06A6
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,003AFF0B,0038A1AD,0038A1AD,00000000,00000000,0000FDE9,?,?,0038A1AD), ref: 003B06B0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                                                            • String ID: logutil.cpp
                                                                                                                                                                                                            • API String ID: 606256338-3545173039
                                                                                                                                                                                                            • Opcode ID: 4eb926ef48457a0918d0e7ea09552c21db8c44bb31597b8a659d65003e22f160
                                                                                                                                                                                                            • Instruction ID: 719ca9e84fa7ed6ed5f321c7de398a0b22bf8e0efee0cf6bea217b646b579cf0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4eb926ef48457a0918d0e7ea09552c21db8c44bb31597b8a659d65003e22f160
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB11E972A01228ABD3269AB99D44FEFB76CEBC4765F014315FE05D7540DB709D1086F0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000900,?,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,003B03EC,00000000,00000000,?,00000001,00000001), ref: 003AFD3F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003B03EC,00000000,00000000,?,00000001,00000001,?,00375523,00000000,?,00000000,00000000,?,00388AF7,00000002), ref: 003AFD4B
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,003B03EC,00000000,00000000,?,00000001,00000001,?,00375523,00000000,?), ref: 003AFDB3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                            • String ID: logutil.cpp
                                                                                                                                                                                                            • API String ID: 1365068426-3545173039
                                                                                                                                                                                                            • Opcode ID: 89e3b430f52feeb4ac16261bca50148065ad99629349d2b5f0e210fafe6f2147
                                                                                                                                                                                                            • Instruction ID: 4c0d50d001ac6e7c12e5ef6f089c035c08cc656e96d1b5ecc0fedae8891d3fe5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89e3b430f52feeb4ac16261bca50148065ad99629349d2b5f0e210fafe6f2147
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7911BF32600219AEDB23AFD0CC05EEF7B68EF55710F014029FE05A6164D7718A20D7A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0039114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0039077D,?,?,?), ref: 00391177
                                                                                                                                                                                                              • Part of subcall function 0039114F: GetLastError.KERNEL32(?,0039077D,?,?,?), ref: 00391181
                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 0039078B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00390795
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to read during cabinet extraction., xrefs: 003907C3
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 003907B9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                                                            • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2170121939-2426083571
                                                                                                                                                                                                            • Opcode ID: 4d2195d068aae6ab9946f93a01036afdc6ba12593f2124a8266cd1f409ddbae4
                                                                                                                                                                                                            • Instruction ID: f571834f1716437581f89707042332ff54c7e25c562b845ade7dbd8626cd3361
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d2195d068aae6ab9946f93a01036afdc6ba12593f2124a8266cd1f409ddbae4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C901A572A00628BBDB169FA8DC04E9A7BADFF04760F010219FE08E7550D7319E1197D0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0039077D,?,?,?), ref: 00391177
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039077D,?,?,?), ref: 00391181
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to move to virtual file pointer., xrefs: 003911AF
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 003911A5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 2976181284-3005670968
                                                                                                                                                                                                            • Opcode ID: 8e1cb6b573990e87a77f83a3cf74ce6b9b0d924cce018ac606b31afd52f882b6
                                                                                                                                                                                                            • Instruction ID: eac009fe1b24b7432a142ff8657d4ac583d5c0bbdf96a585bb9c9194d6e03703
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e1cb6b573990e87a77f83a3cf74ce6b9b0d924cce018ac606b31afd52f882b6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E01A236640626BBDB221AAA9C09E97FF99EF417A4B018229FE08A6550DB259C10C7D4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0037D7F6
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(?,?,003747D1,00000000,?,?,00375386,?,?), ref: 0037D805
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003747D1,00000000,?,?,00375386,?,?), ref: 0037D80F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • BootstrapperApplicationDestroy, xrefs: 0037D7EE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                                                                            • String ID: BootstrapperApplicationDestroy
                                                                                                                                                                                                            • API String ID: 1144718084-3186005537
                                                                                                                                                                                                            • Opcode ID: 0c46b0185c5a9f3a8d9f0cfad344747a42e4aa5dbb567b446e3b3a6280b17abb
                                                                                                                                                                                                            • Instruction ID: 0e90d186cb781a85d7eae05b8dd3b0e10ab6530f620e99603ea700b318de943f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c46b0185c5a9f3a8d9f0cfad344747a42e4aa5dbb567b446e3b3a6280b17abb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0F0FF362007049FD7325F66DC04A67B7F9BF80766B01C52DE55AC6550DB75E810CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 0038F09B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0038F0A5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 0038F0C9
                                                                                                                                                                                                            • Failed to post plan message., xrefs: 0038F0D3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                                                                                                                            • API String ID: 2609174426-2952114608
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 0038F1A9
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0038F1B3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post shutdown message., xrefs: 0038F1E1
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 0038F1D7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                                                                                                                            • API String ID: 2609174426-188808143
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetEvent.KERNEL32(?,00000000,?,0039145A,00000000,00000000,?,0037C121,00000000,?,?,0039AB88,?,00000000,?,?), ref: 00390524
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039145A,00000000,00000000,?,0037C121,00000000,?,?,0039AB88,?,00000000,?,?,?,00000000), ref: 0039052E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set begin operation event., xrefs: 0039055C
                                                                                                                                                                                                            • cabextract.cpp, xrefs: 00390552
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorEventLast
                                                                                                                                                                                                            • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                                                                                                                            • API String ID: 3848097054-4159625223
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 0038E98D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0038E997
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to post apply message., xrefs: 0038E9C5
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 0038E9BB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                                                                                                                            • API String ID: 2609174426-1304321051
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 0038EA1E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0038EA28
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • EngineForApplication.cpp, xrefs: 0038EA4C
                                                                                                                                                                                                            • Failed to post detect message., xrefs: 0038EA56
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                            • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                                                                                                                            • API String ID: 2609174426-598219917
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 003B3E5E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 003B3EC1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastRead
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 1948546556-2967768451
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 003855D9
                                                                                                                                                                                                            • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00385633
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to initialize COM on cache thread., xrefs: 003855E5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                                                                                                            • String ID: Failed to initialize COM on cache thread.
                                                                                                                                                                                                            • API String ID: 3442037557-3629645316
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00371104,?,?,00000000), ref: 0037503A
                                                                                                                                                                                                            • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00371104,?,?,00000000), ref: 0037506A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CompareStringlstrlen
                                                                                                                                                                                                            • String ID: burn.clean.room
                                                                                                                                                                                                            • API String ID: 1433953587-3055529264
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,003B3E85,?,?,?), ref: 003B4D12
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,003B3E85,?,?,?), ref: 003B4D1C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 442123175-2967768451
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,00000000,00000000,?,0039AD27,00000001,00000000,?,WixBundleSourceProcessPath,00000001,?), ref: 003733F8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0039AD27,00000001,00000000,?,WixBundleSourceProcessPath,00000001,?,?,?,?,?,?,?,?,?), ref: 0037340F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                            • String ID: pathutil.cpp
                                                                                                                                                                                                            • API String ID: 2776309574-741606033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,?,?,00000000,?,00000000,00000000,00000000,?,003B6219,?,?,00000000,00000000,00000000,00000001), ref: 003B47EB
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,003B6219,?,?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,003B5AC5,?,?,?), ref: 003B47F5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID: fileutil.cpp
                                                                                                                                                                                                            • API String ID: 2976181284-2967768451
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00373829
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00373833
                                                                                                                                                                                                            • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 0037389B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1230559179-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00373B34,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?,?,00371511), ref: 003739A3
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,00373B34,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?,?,00371511,?,?), ref: 003739AA
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00373B34,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?,?,00371511,?,?,00000001), ref: 003739B4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 406640338-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 0038E7F8
                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0038E80E
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,00003A98,?,00374B37,?,?,?,?,?,003BB490,?,?,?,?,?,?), ref: 0038E81F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageObjectPostSingleWaitWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1391784381-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,00387B4D,?,?,?), ref: 0037F644
                                                                                                                                                                                                              • Part of subcall function 003B0EEC: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000078,00000000,?,?,?,003B56EF,00000000,?,003B63FF,00000078,00000000), ref: 003B0F10
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                            • String ID: Installed
                                                                                                                                                                                                            • API String ID: 3677997916-3662710971
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,000000B0,00000088,00000410,000002C0), ref: 003B905C
                                                                                                                                                                                                              • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: %ls%ls\%ls\%ls
                                                                                                                                                                                                            • API String ID: 47109696-1267659288
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,00371490,00000000,00000001,00000000,?,?,00371511,?,?,00000001,00000000,00000000,?), ref: 003738E5
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00371490,00000000,00000001,00000000,?,?,00371511,?,?,00000001,00000000,00000000,?), ref: 003738EC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1357844191-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 003B34CE
                                                                                                                                                                                                              • Part of subcall function 003B2F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,003B34DF,00000000,?,00000000), ref: 003B2F3D
                                                                                                                                                                                                              • Part of subcall function 003B2F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0039BDED,?,003752FD,?,00000000,?), ref: 003B2F49
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 52713655-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 003B8CFB: lstrlenW.KERNEL32(00000100,?,?,003B9098,000002C0,00000100,00000100,00000100,?,?,?,00397B40,?,?,000001BC,00000000), ref: 003B8D1B
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(000002C0,000002C0,00000100,00000100,00000100,?,?,?,00397B40,?,?,000001BC,00000000,00000000,00000000,00000100), ref: 003B9136
                                                                                                                                                                                                              • Part of subcall function 003B0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,003B5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 003B0E52
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenlstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 514153755-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,003DAAA0,00000000,?,00000000,?,0038890E,WiX\Burn,PackageCache,00000000,003DAAA0,00000000,?,?), ref: 003B5782
                                                                                                                                                                                                              • Part of subcall function 003B0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,?), ref: 003B0FE4
                                                                                                                                                                                                              • Part of subcall function 003B0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 003B101F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue$Close
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1979452859-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostQuitMessage.USER32(003BB508), ref: 00387C1B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePostQuit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1657236379-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,00000000,00000000,00000104,00000000,?,003889CA,0000001C,?,00000000,?,?), ref: 003734E5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1514166925-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00000000,?,0038A229,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,?), ref: 003740EB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00373B51: GetProcessHeap.KERNEL32(00000000,?,?,00373ADE,?,00000000,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?), ref: 00373B59
                                                                                                                                                                                                              • Part of subcall function 00373B51: HeapSize.KERNEL32(00000000,?,00373ADE,?,00000000,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?,?,00371511), ref: 00373B60
                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?), ref: 0037139B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3492610842-0
                                                                                                                                                                                                            • Opcode ID: 6a912b50695a861dad068c4f4d68c181b7ca830d485ee934a5aebd06f78d1b40
                                                                                                                                                                                                            • Instruction ID: 48a1ac2664c1911828c0db2c49257bbb9a9691ad1768672d357e42d26087e4d1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a912b50695a861dad068c4f4d68c181b7ca830d485ee934a5aebd06f78d1b40
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8421E137D00218AFDB339F6EC8406ADB7B9EF88360F16C169ED086B250C7389D119B80
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,003721B8,?,00000000,00000000,00000000,?,00388A22,00000000,00000000,00000000,00000000), ref: 003714E4
                                                                                                                                                                                                              • Part of subcall function 00373B51: GetProcessHeap.KERNEL32(00000000,?,?,00373ADE,?,00000000,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?), ref: 00373B59
                                                                                                                                                                                                              • Part of subcall function 00373B51: HeapSize.KERNEL32(00000000,?,00373ADE,?,00000000,00000000,?,00371472,?,00000000,00000000,00000000,00000000,?,?,00371511), ref: 00373B60
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.66827848578.0000000000371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827817333.0000000000370000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827932639.00000000003BB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66827984518.00000000003DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.66828018004.00000000003DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_370000_VC_redist.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3492610842-0
                                                                                                                                                                                                            • Opcode ID: b0142d7efc7f3bd622d56f2acfec83118ccb5d3dd355d38bcd38605bc66fc0c8
                                                                                                                                                                                                            • Instruction ID: af15383e5e883e9effdb6de5828dc90f8a2722139921247d1d73334bd89189b0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0142d7efc7f3bd622d56f2acfec83118ccb5d3dd355d38bcd38605bc66fc0c8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2901F577200218AFCF335E59CC44F9AB7A9AF81764F22C225FA2DAB160D739DC109690